New Member

no internet access on vpn clients

Hi,

I set up an ASA 5510 for VPN client connections with a local IP pool and IAS authentication. All is working fine for the internal network (I can ping everywhere) but I'm not able to get internet access when I'm connected with the VPN. I was looking for nat (outside) examples but found nothing.

Can someone help me with that?

Here is part of my config:

interface Ethernet0/0
 description TO INTERNET
 nameif outside
 security-level 0
 ip address xxx.xx.xx.xxx 255.255.255.0

interface Ethernet0/1
 description LAN
 nameif inside
 security-level 100
 ip address 172.xxx.xxx.xxx 255.255.128.0

access-list vpna extended permit ip any 192.168.125.0 255.255.255.0
ip local pool ippool 192.168.125.10-192.168.125.254
global (outside) 1 interface
global (outside) 2 200.xxx.xxx.xxx
nat (inside) 0 access-list vpnassa
route outside 192.168.125.0 255.255.255.0 200.xxx.xxx.xxx 1

1 ACCEPTED SOLUTION

Re: no internet access on vpn clients

Hi,

If you're looking for the ASA to provide Internet access for the VPN clients, you need some things:

same-security-traffic permit intra-interface --> this will allow the ASA to reroute traffic back out the outside interface

nat (outside) 1 x.x.x.x mask  --> x.x.x.x is the VPN subnet

global (outside) 1 interface

Federico.

4 REPLIES

New Member

Re: no internet access on vpn clients

Thanks Federico!!! Yesterday I added the line same-security-traffic permit intra-interface but it didn't work. Or maybe I forgot the nat (outside).

It worked perfect now!!

Thank you so much for your help!

Cisco Employee

Re: no internet access on vpn clients

Hi,

Basically you will need to add the below 2 commands on the ASA:

same-security-traffic permit intra-interface

nat (outside) 1 192.168.125.0 255.255.255.0 outside

Below is a link you might want to refer to for U-turning config on the ASA for giving VPN client internet access through the ASA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

If you would like to provide the clients VPN access using their local gateway and not through the ASA, below is the config example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Let me know if this helps. All the best!!

Thanks and Regards,

Prapanch

Re: no internet access on vpn clients

I'm very glad that it works for you now :-)

And thanks for the rating too.

Federico.
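
The prerequisites named in the replies above, turned into a check. This is an added example, not part of the original thread and not Cisco tooling: a Python script that reads the pre-8.3 ASA commands quoted on this page and reports which hairpin (U-turn) pieces are missing for each VPN address pool. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the question's configuration
# (pre-8.3 ASA syntax); redacted lines are left out.
SAMPLE_CONFIG = """\
access-list vpna extended permit ip any 192.168.125.0 255.255.255.0
ip local pool ippool 192.168.125.10-192.168.125.254
global (outside) 1 interface
nat (inside) 0 access-list vpnassa
"""

def pool_ranges(config):
    """Return (first, last) address pairs from 'ip local pool' lines."""
    found = re.findall(r"^ip local pool \S+ ([\d.]+)-([\d.]+)", config, re.M)
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in found]

def outside_nat_rules(config):
    """Return (nat_id, network) for each 'nat (outside) <id> <net> <mask>' line."""
    found = re.findall(r"^nat \(outside\) (\d+) ([\d.]+) ([\d.]+)", config, re.M)
    return [(i, ipaddress.ip_network(f"{n}/{m}", strict=False)) for i, n, m in found]

def hairpin_findings(config):
    """List what is still missing for VPN clients to reach the Internet via the ASA."""
    findings = []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        findings.append("missing: same-security-traffic permit intra-interface")
    global_ids = set(re.findall(r"^global \(outside\) (\d+) ", config, re.M))
    rules = outside_nat_rules(config)
    for first, last in pool_ranges(config):
        # NAT ids whose source network contains the whole pool range
        ids = {i for i, net in rules if first in net and last in net}
        if not ids:
            findings.append(f"missing: nat (outside) rule covering pool {first}-{last}")
        elif not ids & global_ids:
            findings.append(f"missing: global (outside) for NAT id {sorted(ids)[0]}")
    return findings

# The same configuration with the two commands from the replies appended.
FIXED_CONFIG = SAMPLE_CONFIG + (
    "same-security-traffic permit intra-interface\n"
    "nat (outside) 1 192.168.125.0 255.255.255.0\n"
)

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(label, hairpin_findings(cfg) or "hairpin prerequisites present")
```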
