SSL VPN IOS no split-tunnel with internet

Unanswered Question
Mar 17th, 2010

Configuration below. I have CEF turned off, trying to get internet access for SSL VPN clients without split-tunnel. How do I accomplish this with IOS VPN?


webvpn gateway gateway_1
ip address  
http-redirect port 80
ssl trustpoint TP-self-signed-614248518
webvpn install svc flash:/webvpn/anyconnect-win-2.4.1012-k9.pkg sequence 1
webvpn context 2821ssl
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
   functions svc-enabled
   svc address-pool "SSLVPNPOOL"
   svc keep-client-installed
    virtual-template 3
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1

Jennifer Halim Wed, 03/17/2010 - 20:52
User Badges:
  • Cisco Employee,

You would need to configure "ip nat inside" on the virtual template for the SSL VPN. The access-list to match the NAT translation should deny traffic from the internal network towards the IP pool subnet, and permit the IP pool subnet to any (internet).
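
The NAT arrangement described in the reply above, written out as an added example that is not part of the original thread or Cisco's own configuration. The subnets, interface names, the `ip unnumbered` source and the ACL name `SSLVPN-NAT` are assumptions; only `SSLVPNPOOL` and virtual-template 3 come from the posted configuration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   inside LAN      192.168.1.0/24  on GigabitEthernet0/1
!   SSLVPNPOOL      10.10.10.0/24
!   internet uplink                 on GigabitEthernet0/0
ip local pool SSLVPNPOOL 10.10.10.1 10.10.10.50
!
interface GigabitEthernet0/0
 description Internet uplink (assumed name)
 ip nat outside
!
interface GigabitEthernet0/1
 description Inside LAN (assumed name)
 ip nat inside
!
! Template referenced by "virtual-template 3" in the webvpn context.
! Tunnelled client traffic arrives here, so it must be a NAT inside interface.
interface Virtual-Template3
 ip unnumbered GigabitEthernet0/1
 ip nat inside
!
ip access-list extended SSLVPN-NAT
 remark Do not translate traffic from the LAN to the VPN client pool
 deny   ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Translate VPN client pool traffic bound for the internet
 permit ip 10.10.10.0 0.0.0.255 any
!
! PAT the matched traffic to the uplink address.
ip nat inside source list SSLVPN-NAT interface GigabitEthernet0/0 overload
```

With a client connected and browsing, `show ip nat translations` should list entries whose inside local address falls in the pool range, and none for LAN-to-pool flows.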

