Cannot access internet when use Remote access on ASA 5520

Unanswered Question
Aug 24th, 2010

Hi all,

I'm successful config remote access on asa5520 on my company.

Diagram: inside (192.168.176.0/24) =>>ASA5520 =>>outside (10.1.27.0/24).

Outside network (10.1.27.0/24) can access internet, but when I use VPN, it cannot.

I can full access to inside and outside network.

I wonder when I use split tunneling, I must be able to access Internet??

But not. I need some help from you.

When connect by Cisco VPN client, I see that: Transparent Tunneling: Inactive.

Is it a cause?

Tks so much.

Dang Nguyen.

Viettel Cambodia company.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
athukral Tue, 08/24/2010 - 00:48

Thanks for the question!!

Well you will need to enable split tunneling to resolve this issue.

Can you please attach the running configuration and let me know the local subnet that you want to access on the intranet?

Once i get the configuration, i will go ahead and provide you with the configuration change that is needed to browse simulataneous internet.

Appreciate your time.

Regards,

Ankur

haidangbkit Tue, 08/24/2010 - 01:12

Thanks your quickly reply,

This is running-config of ASA.

I mention you just care about the VPN group policy: ITBILLING.

Because the firewall is running, I'm very careful on configuration.

I send you 2 config file: startup_config and running_config.

I'm so happy if receiving your advice about our config on ASA.

Thank you,

Dang Hai,

v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Viettel Cambodia – Viettel Global

athukral Tue, 08/24/2010 - 01:23

Hello Dang,

Please try the following----


access-list split permit ip 192.168.176.0 10.1.1.0 255.255.255.0


group-policy ITBILLING attributes

no split-tunnel-network-list value ITBILLING_splitTunnelAcl

split-tunnel-network-list value split

After making changes, reconnect the client and then try.

Please let me know how it goes.

Thanks

Ankur

haidangbkit Tue, 08/24/2010 - 01:52

Ohh,

It's work very well, it's right.

Thank you very much.

I'm very happy with your support.

Best regards,

Dang Nguyen,

Viettel Cambodia company.

athukral Tue, 08/24/2010 - 07:48

Hello Dang,

I am glad that everything worked out well for you!

Please take care.

Regards,

Ankur

athukral Tue, 08/24/2010 - 17:35

Hello Dang,

Hope u must be doing fine!

Hope setup is working  fine for you...please let me know if u need any help.. Else please set the status to answered for this query.

Thanks

Ankur

Actions

This Discussion