Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Internet access for Remote VPN users

Hi,

I have CISCO ASA 5510 , i configured remote vpn for roming users which are connected through vpn clint .My email and one application is working fine but users wants also web browsing through it .Is their any option in ASDM , through which we manage easisly accessbility of vpn clints user (roming users)..My all vpn users are following single group.

7 REPLIES
Community Member

Re: Internet access for Remote VPN users

Hi,

The PIX/ASA has the split tunneling feature which you must configure for your remote access VPN in order to achieve what you want.

Check out this link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

What split tunneling does is basically it sends all the VPN traffic through the tunnel and everything else is sent through your normal Internet connection.

HTH,

Paulo

Community Member

Re: Internet access for Remote VPN users

Hi,

Thanks i am already useing split tunnel but when i connected throug vpn client ,mail and applications are running but we are not able to use web browser.

Cisco Employee

Re: Internet access for Remote VPN users

You can do split tunneling as the previous e mail or you can use the permit intra interface option on the ASA and have the VPN Clients to go the internet via your ASA.

Please refer the below URL for details:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

Regards,

Arul

** Please rate all helfpul posts **

Community Member

Re: Internet access for Remote VPN users

That's true.

The advantage of the split tunneling is that you are not adding extra latency by encrypting the "Internet" traffic, sending it to the firewall and then the other way around.

Yet split tunneling has some risk involved because if the users PC is compromised then the attacker might also have access to company resources.

The solution Arul gave solves that problem since I would guess it makes life a lot more complicated for the attacker.

I think it's a trade-off you have to decide.

HTH,

Paulo

Community Member

Re: Internet access for Remote VPN users

Hi,

Thanks for your suggation .

I am using split tunnel concept but there is problem with internet access .

Thanks and regards,

sujeet

Community Member

Re: Internet access for Remote VPN users

Hi,

Not sure if this already resolved, but I had the same issue, the spili tunnel configuration was wrong from my end.

In your splittunnel ACLs, if you are tunnelling all the traffic, then this raises the issue.

Check the spilt tunnel permitted ACL and make sure, you configure with only your internal network range. (not 'ALL')

hth

MS

Community Member

Re: Internet access for Remote VPN users

Hi,

Thanks, for suggation.

170
Views
5
Helpful
7
Replies
CreatePlease to create content