Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn clients need to use ASA public IP

Hello

I am using an ASA5510 running version 8.04

I have a requirement for vpn clients to terminate on the ASA (come in the outside interface) and to then use the public IP address of the ASA to access certain websites (go back out the same interface they came in). Is this possible?

What I would ultimately like to achieve is to have the vpn clients access certain websites through the ASA and the rest of the web through their own internet connection (split tunnelling). Would this be possibe in this scenario.

Thanks for your help.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: vpn clients need to use ASA public IP

If vpn clients are 192.168.1.0/24 then...

global (outside) 1 interface

nat (outside) 1 192.168.1.0 255.255.255.0

same-security-traffic permit intra-interface

Then simply create your split tunnel acl and include all sites you want them to access through the remote ASA.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

2 REPLIES
Green

Re: vpn clients need to use ASA public IP

If vpn clients are 192.168.1.0/24 then...

global (outside) 1 interface

nat (outside) 1 192.168.1.0 255.255.255.0

same-security-traffic permit intra-interface

Then simply create your split tunnel acl and include all sites you want them to access through the remote ASA.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

New Member

Re: vpn clients need to use ASA public IP

implemented this in production - works well. just do the same setup as you would for any remote access and use the commands given above.

98
Views
0
Helpful
2
Replies