Cisco Support Community
Internet access with VPN connection ASA 5505

Howdy,


I've an ASA 5505 
ASDM version: 6.4(7) - ASA version: 8.4(7)3

We have some VPN users accessing the network via RDP and Telnet services.

Right now this is working just fine, but the moment the VPN is up, internet access goes off and I can't find which policy is doing that.

We use PCF files to connect with the client, but I can't see anything related to this.

Is this some kind of default policy group?

 

Kind regards,

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hi,

For your requirement, configure split tunneling, whereby you can segregate VPN and internet traffic.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70917-asa-split-tunnel-vpn-client.html

 

HTH

Sandy

Cisco Employee

Hi,

In addition to Sandy's previous reply, if you do want to tunnel all traffic for clients connecting in through the VPN tunnel then make sure you also have "same-security-traffic permit intra-interface" enabled on the ASA so that the traffic can be hairpinned out the same interface (generally the outside interface). 

Lastly, be sure that you have an (outside,outside) NAT statement for the users so they can be NATed appropriately as well.
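
The two approaches from the replies above, side by side, as an added example that is not part of the original thread or of Cisco's documentation. The split-tunnel behaviour is pushed to the client by the ASA group policy rather than stored in the PCF file, and the default policy is `tunnelall`, which matches the symptom described. The names `VPN_USERS`, `SPLIT_TUNNEL` and `VPN_POOL` and both subnets are assumptions.

```cisco
! Constructed example for ASA 8.4. Hypothetical names and addresses:
!   group policy VPN_USERS, ACL SPLIT_TUNNEL, object VPN_POOL,
!   inside LAN 192.168.1.0/24, VPN client pool 10.10.10.0/24.

! Exec mode: check what the clients currently inherit (default is tunnelall)
show running-config all group-policy DfltGrpPolicy | include split-tunnel

! --- Option A: split tunneling (first reply) ---
! Only the inside LAN is sent through the tunnel. The client's internet
! traffic leaves through its local gateway and is not inspected by the ASA.
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
group-policy VPN_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! --- Option B: tunnel all, hairpin internet traffic (second reply) ---
! All client traffic stays in the tunnel and remains subject to ASA policy.
! Traffic enters and leaves on the outside interface, so intra-interface
! forwarding and an (outside,outside) NAT rule for the pool are required.
same-security-traffic permit intra-interface
object network VPN_POOL
 subnet 10.10.10.0 255.255.255.0
 nat (outside,outside) dynamic interface
group-policy VPN_USERS attributes
 split-tunnel-policy tunnelall
```

Use one option, not both; clients pick up the new policy the next time they connect.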
