Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
4
Replies

Help required for IPSec Vpn connection - internet not working after VPN connected

Tech Man
Level 1
Level 1

‎05-08-2017 04:14 AM - edited ‎02-21-2020 09:16 PM

Help required for IPSec Vpn connection - internet not working after VPN connected

VPN connected to Cisco ASA through VPN client 5.0.07. The vpn was established and we can access the network. But same time our internet from the vpn client PC is not working. 

any routing / gateway problem. I have searched a lot and found the tunnel configuration but still same issue. please suggest

vpn-tunnel-protocol ikev1
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_Lan_access
default-domain value xxxxxxxxx
group-policy VPNGroup_1 internal
group-policy VPNGroup_1 attributes
dns-server value 192.168.10.10 87.237.197.3
vpn-tunnel-protocol ikev1
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_Lan_access

Labels:
Preview file
40 KB
0 Helpful
4 Replies 4

Rahul Govindan
VIP Alumni
VIP Alumni

‎05-08-2017 05:41 AM

Your split tunnel policy is excludespecified. Which means that all traffic except the one defined in the "Local_Lan_access" ACL is sent through the VPN tunnel. This includes internet traffic also. If you need this traffic to work, you need to configure a Policy NAT rule on the ASA. An example of how to do this is here:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100918-asa-sslvpn-00.html#anc6

example NAT:

ciscoasa(config)# object network obj-AnyconnectPool
ciscoasa(config-network-object)# subnet 192.168.10.0 255.255.255.0
ciscoasa(config-network-object)# nat (outside,outside) dynamic interface
0 Helpful

Tech Man
Level 1
Level 1
In response to Rahul Govindan

‎05-09-2017 06:27 AM

tried this solution still not working c

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to Tech Man

‎05-09-2017 06:27 AM

Did you also add the following command to allow traffic flow between the outside interface:

  1. ciscoasa(config)#same-security-traffic permit intra-interface

Check the ASA nat translations to see if VPN traffic is being translated on the ASA.  

0 Helpful

Tech Man
Level 1
Level 1
In response to Rahul Govindan

‎05-09-2017 10:56 PM

allow traffic flow between the outside interface is also configured. can you please tell how to configure NAT translation through ASDM.

My client network is 192.168.15.0

0 Helpful
Customers Also Viewed These Support Documents