Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
4
Helpful
2
Replies

IPSec remote access

newzion123
Level 1
Level 1

‎05-30-2009 05:26 AM - edited ‎03-11-2019 08:37 AM

Hi,

I have configured the ASA5510,configured for the IPSec Remote Access.Now in the remote PC I have loaded and configured the Cisco VPN client and configured also.

Now i am getting connected to the mai site through teh IPSec VPN,and the remote PC also getting the IP address,and able to access teh ain site inside network.Now the remote PC user wants the Internet access also simultaneously.For which I have to enable the split tunnel.How to do this?If I enable the Split tunnel....then accessing the internet from the Remote PC How tthe internet traffic will flow?

Please help me.

Regards

Newzion123

Labels:
0 Helpful
2 Replies 2

JORGE RODRIGUEZ
Level 10
Level 10

‎05-30-2009 08:00 AM

Hi Venkat,

You do not realy have to provide split tunnel if you want RA clients to use your internet via the ASA while VPN into your network personally I do not recommended unless is necessary. With split tunnel simply the intenet traffic will not cross the IPsec tunnel but rather will be handle by the users regualr internet traffic , RA VPN users internet flow simply does not cross your Firewall.

Split tunneling

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

On the other hand if you want to have more control of RA VPN users internet access you can configure your RA tunnel group as full tunnel, thus the internet traffic flow RA users will be handled in/out through the ASA applience.

VPN Client for Public Internet VPN on a Stick

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Regards

Jorge Rodriguez

newzion123
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎05-31-2009 11:03 PM

Hi Jorge,

Thanks a lot....It helped me a lot.....Now I can create a split tunnel....through split tunnel I able to access the Skype (Through my LAN gateway),DNS and resolving,telnet yahoo.com 80 is giving me a connectivity.....Tracert yahoo.com....very rarely shows the first hop as my LAN gateway.....most of the time does not show the first hop....

very few times I was able to browse the internet....most of the time not able to connect to the internet....but always I am able to connect to Skype for chat....

What and where could be the problem.

Please suggesst me.....Thanks a lot.

Regards,

Newzion123

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card