Internet access VPN clients

Unanswered Question
Mar 4th, 2010
User Badges:


We have some 3002 VPN clients that need Internet access through the established VPN tunnel. The problem is that the ASA5520's external interface is blocking this traffic. It seems like it doesn't allow outbound traffic over the same external interface as where the VPN tunnel is terminated.

Is there some way we can solve this?

Kind regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rutger Blom Thu, 03/04/2010 - 06:59
User Badges:

Thanks Collin,

I can't seem to find our particular scenario in that document. We have VPN clients coming in on the external interface and moving out via the same external interface to access Internet. The external interface blocks this traffic probably because it sees the same MAC address on both sides of its interface (outside and inside).

Kind regards,


Collin Clark Thu, 03/04/2010 - 08:38
User Badges:
  • Purple, 4500 points or more


You will need the same security statement and you may be missing NAT as well. If you can, post some of your logs when a user tries to access the internet.


This Discussion

Related Content