Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
673
Views
0
Helpful
3
Replies

Internet access VPN clients

Rutger Blom
Level 1
Level 1

‎03-04-2010 03:05 AM

Hello,

We have some 3002 VPN clients that need Internet access through the established VPN tunnel. The problem is that the ASA5520's external interface is blocking this traffic. It seems like it doesn't allow outbound traffic over the same external interface as where the VPN tunnel is terminated.

Is there some way we can solve this?

Kind regards,

Rutger

Labels:
0 Helpful
3 Replies 3

Rutger Blom
Level 1
Level 1
In response to Collin Clark

‎03-04-2010 06:59 AM

Thanks Collin,

I can't seem to find our particular scenario in that document. We have VPN clients coming in on the external interface and moving out via the same external interface to access Internet. The external interface blocks this traffic probably because it sees the same MAC address on both sides of its interface (outside and inside).

Kind regards,

Rutger

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Rutger Blom

‎03-04-2010 08:38 AM

Rutger-

You will need the same security statement and you may be missing NAT as well. If you can, post some of your logs when a user tries to access the internet.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents