Internet access with VPN connection ASA 5505

Dupriko952
Level 1

Howdy,


I've an ASA 5505 
ASDM version: 6.4(7) - ASA version: 8.4(7)3

We have some VPN users accessing through the network via RDP and Telnet services.

Right now this is working just fine, but the moment the VPN is up, internet access goes off and I can't find which policy is doing that.

We use PCF files to connect with the client, but I can't see anything related to this.

Is this some kind of default policy group?

Kind regards,

2 Accepted Solutions

Hi ,

For your requirement, configure split tunneling, whereby you can segregate VPN and internet traffic.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70917-asa-split-tunnel-vpn-client.html

HTH

Sandy

Hi,

In addition to Sandy's previous reply, if you do want to tunnel all traffic for clients connecting in through the VPN tunnel then make sure you also have "same-security-traffic permit intra-interface" enabled on the ASA so that the traffic can be hairpinned out the same interface (generally the outside interface). 

Lastly, be sure that you have an (outside,outside) NAT statement for the users so they can be NATed appropriately as well.

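The two approaches from the answers above, written out as ASA 8.4 configuration. This is an added example, not part of the original thread: the group-policy name, ACL name, object name and both subnets are constructed placeholders, the group policy is assumed to exist already, and `outside` is assumed to be the interface the VPN clients terminate on.

```cisco
! Constructed sample values (replace with your own):
!   group policy  REMOTE_USERS     inside LAN       192.168.1.0/24
!   split ACL     SPLIT_ACL        VPN address pool 10.10.10.0/24

! --- Option A: split tunneling (first answer) ---
! Only traffic to the networks in SPLIT_ACL is sent through the tunnel.
! Everything else leaves through the client's own internet connection
! and is not inspected by the ASA.
access-list SPLIT_ACL standard permit 192.168.1.0 255.255.255.0
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL

! --- Option B: tunnel all traffic and hairpin it (second answer) ---
! tunnelall is the default split-tunnel-policy (inherited from
! DfltGrpPolicy), so a group policy with no split-tunnel settings
! already sends internet-bound traffic into the tunnel.
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelall

! Allow traffic to enter and leave on the same interface.
same-security-traffic permit intra-interface

! Translate the VPN pool to the outside interface address on the way out.
object network VPN_POOL
 subnet 10.10.10.0 255.255.255.0
 nat (outside,outside) dynamic interface
```

Use one option or the other, not both. `show running-config group-policy` shows which split-tunnel settings a policy currently carries.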
