SSL VPN IOS no split-tunnel with internet

Unanswered Question
Mar 17th, 2010

Configuration below. I have CEF turned off and am trying to get internet access for SSL VPN clients without split-tunnel. How do I accomplish this with IOS VPN?

Thanks.

webvpn gateway gateway_1
ip address  
http-redirect port 80
ssl trustpoint TP-self-signed-614248518
inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.4.1012-k9.pkg sequence 1
!
webvpn context 2821ssl
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
!
!
policy group policy_1
   functions svc-enabled
   svc address-pool "SSLVPNPOOL"
   svc keep-client-installed
    virtual-template 3
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
inservice

Jennifer Halim Wed, 03/17/2010 - 20:52

You would need to configure "ip nat inside" on the virtual template for the SSL VPN. The access-list to match the NAT translation should deny traffic between the internal network towards the IP pool subnet, and permit the IP pool subnet to any (internet).
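
The NAT setup described in the reply above, written out as an added example (it is not part of the original thread or either poster's configuration). Assumptions, all constructed for illustration: the SSLVPNPOOL addresses fall in 192.168.50.0/24, the internal network is 10.10.10.0/24, GigabitEthernet0/0 is the Internet-facing interface, and the ACL name SSLVPN-NAT is hypothetical; Virtual-Template3 is the template the posted webvpn context references.

```cisco
! Added example. Addresses, interface names and the ACL name are
! assumptions; substitute the values from the real router.
!
! Mark the SSL VPN virtual template as a NAT inside interface, so
! tunneled client traffic leaving for the Internet is translated.
! Existing settings on the template are left untouched.
interface Virtual-Template3
 ip nat inside
!
! Internet-facing interface (assumed to be GigabitEthernet0/0)
interface GigabitEthernet0/0
 ip nat outside
!
! ACL that selects what gets translated:
!  - deny: internal network -> VPN pool stays untranslated, so LAN hosts
!    reach clients on their real pool addresses
!  - permit: VPN pool -> any is translated on its way to the Internet
! Nothing else is matched, which keeps the NAT rule scoped to the pool.
ip access-list extended SSLVPN-NAT
 deny   ip 10.10.10.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.50.0 0.0.0.255 any
!
! Overload (PAT) the matched traffic onto the outside interface address
ip nat inside source list SSLVPN-NAT interface GigabitEthernet0/0 overload
```

With a client connected and browsing, `show ip nat translations` should list the client's pool address as the inside local address; no entry for the pool means the template or the ACL is not matching.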
