ASA 5505 VPN works great but clients unable to access internet through tunnel

Answered Question
Jan 27th, 2010

We have an ASA 5505 running ASA 8.2.1, and using IPSec clients to Remote access into the main office.  The remote access is working great, with full access to the network resources at the main office, and the one thing I can't get to work is internet access through the tunnel.  I do not want to use split tunnelling.  I am using ASDM 6.2.1 for configuration.  Any assistance is appreciated.  I am probably missing something simple, and have looked at it so much, I am probably looking right past the mistake.  Thanks in advance for your time and assistance!    Jim

I have this problem too.
0 votes
Correct Answer by james.bastnagel about 6 years 10 months ago

add a nat statement for your client segment on the outside interface

nat (outside) access-list

then allow traffic to be routed back out the same interface it came in on

same-security-traffic permit intra-interface

*

*

*more info can be found here:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807...

On Wed, Jan 27, 2010 at 11:12 PM, jimcanova <

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
james.bastnagel Thu, 01/28/2010 - 06:58

add a nat statement for your client segment on the outside interface

nat (outside) access-list

then allow traffic to be routed back out the same interface it came in on

same-security-traffic permit intra-interface

*

*

*more info can be found here:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807...

On Wed, Jan 27, 2010 at 11:12 PM, jimcanova <

pudawat Thu, 01/28/2010 - 17:29

HI,

Just add the commands to Uturn the traffic from the outside inerface,

nat (outside) 1 subnet mask

global (outside) 1 interface

All the VPN client users would take ASAs public IP to go to the internet.Check Whatismyip.com

Regards,

Pradhuman

Actions

This Discussion