Cisco Support Community

Internet Access Through VPN

My end users connect to our ASA 5510 using the Cisco VPN client for an IPSec connection. Due to security policies, we do not allow split-tunneling. My end users still require Internet access for their work. How do I route Internet traffic through the VPN tunnel and out our Corporate Gateway?

Thanks,

Ken

3 REPLIES

Re: Internet Access Through VPN

Ken,

you need

same-security-traffic permit intra-interface

nat (outside) 1

and a rule allowing www outbound access for the vpn pool network.

This is for a full tunnel RA scenario, and this is assuming your outbound Internet gateway is your ASA 5510 outside interface.

Rgds

-Jorge
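
The full-tunnel hairpin setup described in the reply above, written out as an added example that is not part of the original thread. It assumes the pre-8.3 ASA NAT syntax the reply uses and the ASA outside interface as the Internet exit; the pool VPNPOOL on 192.168.10.0/24, the group policy RA-FULLTUNNEL and the ACL VPN-WEB-ONLY are constructed names and addresses.

```text
! Added example, pre-8.3 ASA syntax. All names and addresses are constructed.
! Address pool handed to VPN clients (assumed 192.168.10.0/24).
ip local pool VPNPOOL 192.168.10.1-192.168.10.254 mask 255.255.255.0

! Let traffic enter and leave the same interface (outside), so decrypted
! client traffic can turn around and go back out to the Internet.
same-security-traffic permit intra-interface

! Translate the pool when it hairpins out the outside interface.
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface

! Rule allowing www outbound for the pool, applied here as a VPN filter.
! Add further permit lines (DNS, HTTPS) as policy requires.
access-list VPN-WEB-ONLY extended permit tcp 192.168.10.0 255.255.255.0 any eq www

! Full tunnel: no split tunneling, everything from the client enters the tunnel.
group-policy RA-FULLTUNNEL internal
group-policy RA-FULLTUNNEL attributes
 split-tunnel-policy tunnelall
 vpn-filter value VPN-WEB-ONLY
```

The group policy only takes effect once it is assigned to the remote-access users, for example as the tunnel group's default group policy.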


Re: Internet Access Through VPN

Jorge,

Thanks for the information. Our ASA is not our outbound Internet gateway. We use another firewall product for our outbound traffic. The ASA is strictly for VPN terminations at the moment. How would I set it up to use a different gateway?

Re: Internet Access Through VPN

Ken,

What is the firewall's current default route pointing to? Is it pointing towards that other Internet gateway, or do you have two Internet gateways? If you do have two Internet gateways, you would probably need policy-based routing, which the firewall currently does not yet support. But if the default route points to the other firewall as its default route, I believe it would be possible to do it.

Could you post a sanitized ASA config? Strip out public IP information, if any.

Rgds

-Jorge
