03-04-2010 03:05 AM
Hello,
We have some 3002 VPN clients that need Internet access through the established VPN tunnel. The problem is that the ASA5520's external interface is blocking this traffic. It seems like it doesn't allow outbound traffic over the same external interface as where the VPN tunnel is terminated.
Is there some way we can solve this?
Kind regards,
Rutger
03-04-2010 06:35 AM
There sure is-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml#Same
Hope it helps.
03-04-2010 06:59 AM
Thanks Collin,
I can't seem to find our particular scenario in that document. We have VPN clients coming in on the external interface and moving out via the same external interface to access the Internet. The external interface blocks this traffic, probably because it sees the same MAC address on both sides of its interface (outside and inside).
Kind regards,
Rutger
03-04-2010 08:38 AM
Rutger-
You will need the same security statement and you may be missing NAT as well. If you can, post some of your logs when a user tries to access the internet.
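The two pieces named in the reply above, shown as an added example that is not part of the original thread or taken from the linked Cisco document. It assumes pre-8.3 ASA NAT syntax, an interface named `outside`, NAT ID 1, and a constructed placeholder range of 192.168.100.0/24 for the addresses behind the 3002 clients.

```cisco
! Added example. The address range and NAT ID below are constructed
! placeholders; substitute the networks the 3002 clients actually present.
!
! Permit traffic to enter and leave the same interface (hairpin / U-turn),
! which the ASA drops by default.
same-security-traffic permit intra-interface
!
! Pre-8.3 NAT syntax: translate the VPN-side addresses to the outside
! interface address when they are routed back out to the Internet.
nat (outside) 1 192.168.100.0 255.255.255.0
! Skip this line if a matching global for NAT ID 1 is already configured.
global (outside) 1 interface
!
! Confirm the hairpin statement is present in the running configuration.
show running-config same-security-traffic
```

Hairpinned client traffic leaves with the ASA's outside address, so any outbound filtering or logging applied to internal users has to be applied to this path separately.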