Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access internet through VPN


I need to have my remote clients access the Internet through the VPN using the AnyConnect client, meaning I need all traffic to go through the VPN and out our internal router to the Internet.  I know I can use the split-tunnel option but our corporate policy states all traffic needs to go through the VPN, web traffic included.  Currently my users have access to all internal resources but web traffic is not working.  How do I configure the ASA to allow web traffic through and routed out our main edge router?



Cisco Employee

Re: Access internet through VPN

How is the main edge router connected? To the outside of the ASA or to the inside of the ASA?

1) If it's connected to the outside of the ASA, then you would need to configure the following:

same-security-traffic permit intra-interface

nat (outside) 1

Assuming that you already have a corresponding global statement with sequence of 1 for the outside interface.

2) If it's connected to the inside of the ASA, then you need the following instead:

route inside tunnelled

Assuming that your main edge route is doing the PAT for web browsing to the internet, then you would need to include the VPN Pool subnet in the NAT statement on the router, plus route for the ip pool subnet back towards the ASA inside interface.