03-04-2010 03:05 AM
Hello,
We have some 3002 VPN clients that need Internet access through the established VPN tunnel. The problem is that the ASA5520's external interface is blocking this traffic. It seems like it doesn't allow outbound traffic over the same external interface as where the VPN tunnel is terminated.
Is there some way we can solve this?
Kind regards,
Rutger
03-04-2010 06:35 AM
There sure is:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml#Same
Hope it helps.
03-04-2010 06:59 AM
Thanks Collin,
I can't seem to find our particular scenario in that document. We have VPN clients coming in on the external interface and moving out via the same external interface to access the Internet. The external interface blocks this traffic, probably because it sees the same MAC address on both sides of its interface (outside and inside).
Kind regards,
Rutger
03-04-2010 08:38 AM
Rutger-
You will need the same security statement and you may be missing NAT as well. If you can, post some of your logs when a user tries to access the internet.
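Added example, not part of the original thread: a sketch of the two pieces the last reply names, the same-security statement and NAT for the tunnelled clients, in ASA configuration syntax. The subnet `10.10.10.0/24`, the NAT ID `1` and the object name `VPN-CLIENTS` are placeholders, and it is an assumption that the group policy tunnels all traffic rather than split-tunnelling.

```text
! Placeholder values: 10.10.10.0/24 stands for the addresses the VPN
! clients use inside the tunnel (assigned pool, or the LAN behind a
! 3002 in network extension mode). Replace with the real range.

! 1. Allow traffic to enter and leave the same interface (hairpinning).
!    Without this the ASA drops decrypted VPN traffic that has to go
!    back out of "outside".
same-security-traffic permit intra-interface

! 2a. ASA software before 8.3: PAT the client range to the outside
!     interface address when it exits via outside.
global (outside) 1 interface
nat (outside) 1 10.10.10.0 255.255.255.0

! 2b. ASA software 8.3 and later: the same PAT as object NAT.
!     Use 2a or 2b, not both, depending on the software version.
object network VPN-CLIENTS
 subnet 10.10.10.0 255.255.255.0
 nat (outside,outside) dynamic interface

! Checks after a client sends Internet-bound traffic:
!   show running-config same-security-traffic
!   show xlate
```

Hairpinning the clients means their Internet traffic is subject to whatever inspection and logging the ASA applies on the outside interface, so keep the NAT source limited to the VPN client range rather than a broad match.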