Accessing the Internet through the VPN

Unanswered Question
Aug 17th, 2010

I have a pair of ASA 5550s.  I have several groups set up with multiple split tunneling configurations working just fine.  Folks are connecting through anyconnect and life is good.  However, I have an employee working at a site where they filter the Internet in a way that impares the work they are asking her to do.  In this case I would like to bring all of her traffic through the VPN where she can access both our internal resources and access the Internet using our connection instead, thereby giving her our unfiltered access.  Is that possible?  All routing seems to die once it hits the outside interface.  We are not doing any NAT.  The VPN pools are using public addressing.  The default route for the ASAs are set to the next hop on the public side.  This should work shouldn't it?  I thought I would ask that question before I start posting configs.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
manish arora Tue, 08/17/2010 - 17:38

Umm , This is something i never saw before public ip space for vpn pool , so this would be interesting. anyway,  can you replicate the vpn connection and check for error logs , such as  access denied because ip spoof or land attack etc  on the firewall ?

also , I think everyone here  would like to know the version that you are running and also post the configuration ? remove appropriate information ofcourse.



manish arora Tue, 08/17/2010 - 17:43

Missed earlier , make sure this command is present in your configuration :-

same-security-traffic permit intra-interface




This Discussion