My total configuration works on everything right now. BUT through VPN I can't get internet access. I read about one user who only had to put his VPN on a different subnet mask. I tried that, and I lost access to the network drives I connect to. I have got to be able to connect to a network machine & internet simultaneously for 2 programs. Please help - I know nothing about networking - I have to figure things out for myself. If you can give me advice, please keep it a little on the simple side. When I do "add" things to see if they work, I'm not sure that I do it right, so please advise.
add to your config
access-list NO-NAT permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NO-NAT
access-list Split-VPN standard permit 192.168.0.0 255.255.0.0
group-policy templevpn attributes
split-tunnel-network-list value Split-VPN
you have to enable split-tunneling on the ASA to allow internet traffic through the ASA
see this for more info and instructions
you apply the split-tunneling on your vpn group.
Tried this in every way, shape & fashion I know - looks easy, but didn't fix anything. Yes, everything works the way the article says it should, but I cannot ping or see the router or anything else on my network then. I do get a split tunnel, but can't connect to anything.
for a start, your vpn pool Tbc_Pool is on the same subnet as the ASA inside interface. firstly i suggest you use something not in use on your inside network for the pool.
whatever you use, you will have to route it back to the ASA for you to access internet resources.
what is the ASA inside interface connected to? is it a switch?
Inside interface is connected to a switch - it's a dell, gig managed switch. I CANNOT figure out how to get the subnet to talk on any other subnet. I can connect, but not see my network drives, ping anything, including my dns server.
is the dell switch a routing switch? can you add a static route for example?
start by changing the pool subnet to something else. it is not recommended to use the vpn pool same as the inside interface.
once you change it, then we can try to route it and get the vpn connection to access internal resources.
ok i noticed something else. your pool mask is 255.255.255.255. try changing it to 255.255.255.0 and give it a go.
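Added example (not part of any post in this thread): a small Python check of the address plan discussed above, covering the pool sitting inside the ASA inside subnet, the 255.255.255.255 pool mask, the split-tunnel list and the NO-NAT destination. The inside address and pool ranges are constructed sample values, and it assumes the NO-NAT destination is meant to match the VPN pool.

```python
import ipaddress

def check_vpn_addressing(inside_if, pool_start, pool_end, pool_mask,
                         split_acl, nonat_dst):
    """Return a list of findings for a remote-access VPN address plan."""
    findings = []
    inside = ipaddress.ip_interface(inside_if).network
    first = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    # Network the clients believe they are on, from pool start + pool mask.
    pool_net = ipaddress.ip_network(f"{pool_start}/{pool_mask}", strict=False)

    # A host mask on the pool leaves each client with no on-link network.
    if pool_net.prefixlen == 32:
        findings.append("pool-mask-is-host-mask")
    # Pool addresses taken from the inside subnet collide with LAN hosts.
    if first in inside or last in inside:
        findings.append("pool-overlaps-inside")
    # The split-tunnel list must include the LAN the client needs to reach.
    split = [ipaddress.ip_network(n) for n in split_acl]
    if not any(inside.subnet_of(n) for n in split):
        findings.append("inside-not-in-split-tunnel")
    # Assumption: the NO-NAT ACL destination should cover the whole pool,
    # otherwise replies from the LAN to VPN clients get translated.
    nonat = ipaddress.ip_network(nonat_dst)
    if not (first in nonat and last in nonat):
        findings.append("pool-not-covered-by-nat-exemption")
    return findings

# Constructed sample values; only the ACL networks appear in the thread.
SPLIT = ["192.168.0.0/255.255.0.0"]
INSIDE = "192.168.1.1/255.255.255.0"

if __name__ == "__main__":
    # Pool carved out of the inside subnet with a host mask.
    print(check_vpn_addressing(INSIDE, "192.168.1.200", "192.168.1.220",
                               "255.255.255.255", SPLIT,
                               "192.168.1.0/255.255.255.0"))
    # Pool moved to its own subnet, NO-NAT ACL left unchanged.
    print(check_vpn_addressing(INSIDE, "192.168.50.10", "192.168.50.50",
                               "255.255.255.0", SPLIT,
                               "192.168.1.0/255.255.255.0"))
    # Pool moved and NO-NAT destination updated to match it.
    print(check_vpn_addressing(INSIDE, "192.168.50.10", "192.168.50.50",
                               "255.255.255.0", SPLIT,
                               "192.168.50.0/255.255.255.0"))
```

The second case shows why moving only the pool can cost access to network drives: the NAT exemption still points at the old range.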
it is a routing switch, but let's pretend it's not. it's not "turned on" and if we try to access that it's going to get bad quick. there are many switches in our building & they all just act as switches, no management whatsoever.
I changed the pool mask & the split tunnel mask to both be 255.255.255.0. I can still connect, but no internet, no network connections.
Sorry - here's part of my lack of formal training.
"show the output when vpn client is connected."
You mean the log from the client? or something from the ASA
sh crypto ipsec sa
- is this for the ASA or for the output?
so over my head. i don't know WHERE to input that to get an output. if i'm supposed to do it from a command prompt, please advise on how to get to the asa? sorry - gotta get for tonight. be back around 6a central.