Access internet through VPN

Unanswered Question
May 12th, 2010

All,


I need to have my remote clients access the Internet through the VPN using the AnyConnect client, meaning I need all traffic to go through the VPN and out our internal router to the Internet.  I know I can use the split-tunnel option but our corporate policy states all traffic needs to go through the VPN, web traffic included.  Currently my users have access to all internal resources but web traffic is not working.  How do I configure the ASA to allow web traffic through and routed out our main edge router?


Thanks,


Ken

Jennifer Halim Wed, 05/12/2010 - 14:36
User Badges: Cisco Employee

How is the main edge router connected? To the outside of the ASA or to the inside of the ASA?


1) If it's connected to the outside of the ASA, then you would need to configure the following:

same-security-traffic permit intra-interface

nat (outside) 1 <VPN-pool-subnet> <netmask>


Assuming that you already have a corresponding global statement with sequence of 1 for the outside interface.


2) If it's connected to the inside of the ASA, then you need the following instead:

route inside 0.0.0.0 0.0.0.0 <inside-next-hop-IP> tunneled


Assuming that your main edge router is doing the PAT for web browsing to the Internet, then you would need to include the VPN pool subnet in the NAT statement on the router, plus a route for the IP pool subnet back towards the ASA inside interface.
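
The two cases from the answer above, written out as a complete configuration sketch. This is an added example, not part of the original thread or Cisco's own configuration. It assumes a pre-8.3 ASA release (the nat/global syntax used in the answer), and every address, the group-policy name, the ACL number and the router interface name are constructed placeholders.

```cisco
! Constructed values (assumptions, not from the thread):
!   VPN pool 192.168.50.0/24, group-policy GP-ANYCONNECT,
!   ASA inside interface 10.1.1.2, edge router inside address 10.1.1.1
!
! Common to both cases: force all client traffic into the tunnel
! (no split tunnelling), which is what the stated policy requires.
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelall
!
! --- Case 1: edge router sits on the OUTSIDE of the ASA ---
! Allow traffic to enter and leave the same interface (hairpin),
! since VPN traffic arrives on outside and must exit on outside.
same-security-traffic permit intra-interface
! PAT the VPN pool as it hairpins back out. The NAT id (1) must
! match a global statement with the same id on the outside interface.
nat (outside) 1 192.168.50.0 255.255.255.0
global (outside) 1 interface
!
! --- Case 2: edge router sits on the INSIDE of the ASA ---
! Default route that applies only to decrypted tunnel traffic;
! the ASA's normal default route is left untouched.
route inside 0.0.0.0 0.0.0.0 10.1.1.1 tunneled
!
! On the edge router (IOS) for case 2:
! return route for the VPN pool, pointing at the ASA inside interface
ip route 192.168.50.0 255.255.255.0 10.1.1.2
! add the VPN pool to the ACL that drives the router's existing PAT
access-list 1 permit 192.168.50.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
```

Only one of the two cases applies to a given topology. In case 2 the router's PAT rule is shown in full for context; where one already exists, only the extra ACL entry and the return route are new.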
