Cisco Support Community

Secured Internet Access through ASA

I have a Cisco ASA firewall. I would like to have secured internet access through a client-to-site VPN. I have configured the following:

Inside Interface

DMZ1--> This interface connects to the internal interface of the VPN box

DMZ2--> This interface connects to the external interface of the VPN box

Outside--> is the interface IP, and for testing I placed a workstation with IP address to test the connectivity.

From inside I connected my system to BOX Inside IP Address) and got authenticated, and in fact got the VPN pool of IP addresses.

When I try to ping to reach (system placed in the outside interface) I am not able to.

For communication between inside and DMZ1 for VPN authentication I configured the following:

static (inside,DMZ1)

access-list dmzin permit ip 255.255.255.0

access-group dmzin in interface DMZ1

The above statement works fine since I am able to connect to the VPN box.

In the router I added the statement for the reverse route:

route DMZ2 Leg of VPN box connected to DMZ2 of ASA)

I am able to ping 192.168.9.x (VPN pool IP address) from the ASA box, and hence communication is happening from ASA-->DMZ2-->VPN Box-->DMZ1-->Inside.

When I give Access-list outbound permit ip any any

and Access-group outbound in interface outside

I am able to reach the outside system ( without having NAT or PAT in place. Other than this command, any command with source and destination defined is not working.

Can someone guide me on how I could proceed to make sure that only after connecting through the VPN I should be able to access the internet?
