how to route specific IP through VPN tunnel

rga-rga-rga
Level 1

I have set up Remote Access VPN using Cisco VPN.  
We use split tunneling to tunnel internal IP range to VPN tunnel only.
Now I need to route specific IP address from Cisco VPN Client side
to internal network and through it to Internet.
I have added that specific IP address to split tunnel ACL.
I can check it using Cisco VPN Client, Status > Statistics, Route Details,
but when I traceroute to that specific IP address it ends on
first hop, ASA public interface.
ASA has 0.0.0.0/0 route set.
What more do I need to set up?

Accepted Solutions

Hi,

If you need to allow the VPN client to connect to the ASA and u-turn to the Internet you need:

same-security-traffic permit intra-interface

Also, make sure you NAT the traffic:

nat (outside) 1 VPN-range

global (outside) 1 interface

Be careful with the NAT commands above (this is just an example and depends on your configuration).

Federico.


2 Replies

I already had

same-security-traffic permit intra-interface

in my configuration but NAT was the issue. I had

nat-control
global (outside) 1 interface
nat (inside) 0 access-list acl_no_nat_inside
nat (inside) 1 0.0.0.0 0.0.0.0

but

nat (outside) 1 172.27.127.0 255.255.255.0

(VPN address range) was missing.

Thanks for the clue!
