New Member

Accessing outside application from vpn client on ASA

I have a customer running an ASA. He has an application that he accesses on the internet. That application uses an access list to restrict access to his site only. He wants to access it through his VPN clients. The traffic needs to have a source address of the ASA. Is this possible?

2 REPLIES
Bronze

Re: Accessing outside application from vpn client on ASA

The authentication proxy feature allows users to log in to a network or access the Internet via HTTP, with their specific access profiles automatically retrieved and applied from a TACACS+ or RADIUS server. The user profiles are active only when there is active traffic from the authenticated users.

This configuration is designed to bring up the web browser on 172.68.118.143 and aim it at 10.17.17.17. Since the VPN Client is configured to go through tunnel end-point 10.31.1.111 to get to the 10.17.17.x network, the IPSec tunnel is built and the PC gets the IP address out of the pool RTP-POOL (since mode-configuration is performed). Authentication is then requested by the Cisco 3640 Router. After the user enters a username and password (stored on the TACACS+ server at 172.68.118.115), the access list passed down from the server gets added to access list 118.

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008017b2a4.shtml

New Member

Re: Accessing outside application from vpn client on ASA

Interesting, but has nothing to do with my question. The answer is "same-security-traffic permit intra-interface".
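
The hairpin setup that the answer above points to, as an added example that is not part of the original thread and not taken from the poster's configuration. It assumes ASA 8.3+ NAT syntax and an interface named outside; the pool 192.168.50.0/24, the application host 203.0.113.10, and the names VPN-POOL, SPLIT-TUNNEL and VPN-POLICY are constructed placeholders.

```cisco
! Constructed values: 192.168.50.0/24 (VPN client pool), 203.0.113.10 (the
! external application), names VPN-POOL, SPLIT-TUNNEL, VPN-POLICY.

! 1. Allow traffic to enter and leave the same interface (hairpin / U-turn).
!    Without this, decrypted client traffic arriving on outside cannot be
!    routed back out of outside.
same-security-traffic permit intra-interface

! 2. PAT the VPN pool to the outside interface address, so the application's
!    access list sees the ASA's public IP as the source.
object network VPN-POOL
 subnet 192.168.50.0 255.255.255.0
 nat (outside,outside) dynamic interface

! 3. Make sure clients send traffic for the application into the tunnel.
!    With split tunneling, add only that host (alongside any internal
!    networks already in the list) rather than tunneling everything.
access-list SPLIT-TUNNEL standard permit host 203.0.113.10
group-policy VPN-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
```

Once a client is connected and has reached the application, `show xlate` on the ASA should list a PAT entry translating the client's pool address to the outside interface address.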
