IPSec remote access

Unanswered Question
May 30th, 2009
User Badges:

Hi,


I have configured the ASA5510,configured for the IPSec Remote Access.Now in the remote PC I have loaded and configured the Cisco VPN client and configured also.


Now i am getting connected to the mai site through teh IPSec VPN,and the remote PC also getting the IP address,and able to access teh ain site inside network.Now the remote PC user wants the Internet access also simultaneously.For which I have to enable the split tunnel.How to do this?If I enable the Split tunnel....then accessing the internet from the Remote PC How tthe internet traffic will flow?


Please help me.


Regards


Newzion123


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
JORGE RODRIGUEZ Sat, 05/30/2009 - 08:00
User Badges:
  • Green, 3000 points or more

Hi Venkat,


You do not realy have to provide split tunnel if you want RA clients to use your internet via the ASA while VPN into your network personally I do not recommended unless is necessary. With split tunnel simply the intenet traffic will not cross the IPsec tunnel but rather will be handle by the users regualr internet traffic , RA VPN users internet flow simply does not cross your Firewall.


Split tunneling

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml


On the other hand if you want to have more control of RA VPN users internet access you can configure your RA tunnel group as full tunnel, thus the internet traffic flow RA users will be handled in/out through the ASA applience.


VPN Client for Public Internet VPN on a Stick

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml



Regards


newzion123 Sun, 05/31/2009 - 23:03
User Badges:

Hi Jorge,


Thanks a lot....It helped me a lot.....Now I can create a split tunnel....through split tunnel I able to access the Skype (Through my LAN gateway),DNS and resolving,telnet yahoo.com 80 is giving me a connectivity.....Tracert yahoo.com....very rarely shows the first hop as my LAN gateway.....most of the time does not show the first hop....

very few times I was able to browse the internet....most of the time not able to connect to the internet....but always I am able to connect to Skype for chat....

What and where could be the problem.


Please suggesst me.....Thanks a lot.


Regards,


Newzion123


Actions

This Discussion