SSL VPN IOS no split-tunnel with internet

Aaron D
Level 1

Configuration below. I have CEF turned off, trying to get internet access for SSL VPN clients without split-tunnel. How do I accomplish this with IOS VPN?

Thanks

webvpn gateway gateway_1
 ip address
 http-redirect port 80
 ssl trustpoint TP-self-signed-614248518
 inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.4.1012-k9.pkg sequence 1
!
webvpn context 2821ssl
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "SSLVPNPOOL"
   svc keep-client-installed
 virtual-template 3
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 gateway gateway_1
 inservice

1 Reply

Jennifer Halim
Cisco Employee

You would need to configure "ip nat inside" on the virtual template for the SSL VPN. The access-list to match the NAT translation should deny traffic from the internal network towards the IP pool subnet, and permit the IP pool subnet to any (internet).
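
A configuration sketch of the approach described in the reply above, added here as an example and not posted by either participant. Virtual-Template3 and SSLVPNPOOL come from the question; the subnets, interface names, the ACL name NAT-ACL, the "ip unnumbered" line and the final LAN permit entry are assumptions to replace with your own values.

```cisco
! Added example. Assumed values: 10.10.10.0/24 = SSLVPNPOOL subnet,
! 192.168.1.0/24 = internal LAN, GigabitEthernet0/0 = internet-facing
! interface, GigabitEthernet0/1 = LAN interface, ACL name NAT-ACL.
!
interface Virtual-Template3
 ! Template referenced by "virtual-template 3" in the webvpn context
 ip unnumbered GigabitEthernet0/1
 ip nat inside
!
interface GigabitEthernet0/0
 ip nat outside
!
ip access-list extended NAT-ACL
 ! Internal LAN -> VPN pool: do not translate
 deny   ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 ! VPN pool -> anywhere else (internet): translate
 permit ip 10.10.10.0 0.0.0.255 any
 ! Assumed pre-existing entry for LAN hosts going to the internet
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT-ACL interface GigabitEthernet0/0 overload
```

With a client connected and browsing, `show ip nat translations` should list entries whose inside local addresses fall in the pool subnet, and `show ip access-lists NAT-ACL` should show hit counts on the pool permit line.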
