Cannot access internet when use Remote access on ASA 5520

Unanswered Question
Aug 24th, 2010
User Badges:

Hi all,


I'm successful config remote access on asa5520 on my company.

Diagram: inside (192.168.176.0/24) =>>ASA5520 =>>outside (10.1.27.0/24).

Outside network (10.1.27.0/24) can access internet, but when I use VPN, it cannot.

I can full access to inside and outside network.

I wonder when I use split tunneling, I must be able to access Internet??

But not. I need some help from you.


When connect by Cisco VPN client, I see that: Transparent Tunneling: Inactive.

Is it a cause?

Tks so much.


Dang Nguyen.

Viettel Cambodia company.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
athukral Tue, 08/24/2010 - 00:48
User Badges:
  • Silver, 250 points or more

Thanks for the question!!


Well you will need to enable split tunneling to resolve this issue.



Can you please attach the running configuration and let me know the local subnet that you want to access on the intranet?



Once i get the configuration, i will go ahead and provide you with the configuration change that is needed to browse simulataneous internet.


Appreciate your time.


Regards,


Ankur

haidangbkit Tue, 08/24/2010 - 01:12
User Badges:

Thanks your quickly reply,


This is running-config of ASA.

I mention you just care about the VPN group policy: ITBILLING.

Because the firewall is running, I'm very careful on configuration.

I send you 2 config file: startup_config and running_config.


I'm so happy if receiving your advice about our config on ASA.


Thank you,


Dang Hai,

v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Viettel Cambodia – Viettel Global

athukral Tue, 08/24/2010 - 01:23
User Badges:
  • Silver, 250 points or more

Hello Dang,


Please try the following----


access-list split permit ip 192.168.176.0 10.1.1.0 255.255.255.0



group-policy ITBILLING attributes


no split-tunnel-network-list value ITBILLING_splitTunnelAcl


split-tunnel-network-list value split



After making changes, reconnect the client and then try.


Please let me know how it goes.


Thanks


Ankur

haidangbkit Tue, 08/24/2010 - 01:52
User Badges:

Ohh,


It's work very well, it's right.


Thank you very much.


I'm very happy with your support.


Best regards,


Dang Nguyen,


Viettel Cambodia company.

athukral Tue, 08/24/2010 - 07:48
User Badges:
  • Silver, 250 points or more

Hello Dang,


I am glad that everything worked out well for you!



Please take care.


Regards,


Ankur

athukral Tue, 08/24/2010 - 17:35
User Badges:
  • Silver, 250 points or more

Hello Dang,



Hope u must be doing fine!


Hope setup is working  fine for you...please let me know if u need any help.. Else please set the status to answered for this query.


Thanks


Ankur

Actions

This Discussion