
Access internet through VPN

tohoken
Level 1

All,

I need to have my remote clients access the Internet through the VPN using the AnyConnect client, meaning I need all traffic to go through the VPN and out our internal router to the Internet.  I know I can use the split-tunnel option but our corporate policy states all traffic needs to go through the VPN, web traffic included.  Currently my users have access to all internal resources but web traffic is not working.  How do I configure the ASA to allow web traffic through and routed out our main edge router?

Thanks,

Ken

1 Reply

Jennifer Halim
Cisco Employee

How is the main edge router connected? To the outside of the ASA or to the inside of the ASA?

1) If it's connected to the outside of the ASA, then you would need to configure the following:

same-security-traffic permit intra-interface

nat (outside) 1

Assuming that you already have a corresponding global statement with sequence of 1 for the outside interface.

2) If it's connected to the inside of the ASA, then you need the following instead:

route inside 0.0.0.0 0.0.0.0 tunneled

Assuming that your main edge router is doing the PAT for web browsing to the internet, you would need to include the VPN pool subnet in the NAT statement on the router, plus a route for the IP pool subnet back towards the ASA inside interface.
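
An added example (not part of the reply above, and not Cisco code): a small Python check that reads a saved running-config and reports which of the two designs is in place, or which line of the first design is still missing. The sample configs and addresses are constructed, and `global (outside) 1 interface` is assumed as the form of the global statement the reply refers to; the router-side NAT and return route needed for the second design are not checked.

```python
import re

# Constructed running-config fragments (pre-8.3 NAT syntax, as used in the reply).
# All addresses are made up for illustration.
HAIRPIN_OK = """\
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (outside) 1 10.10.50.0 255.255.255.0
"""
HAIRPIN_NO_GLOBAL = """\
same-security-traffic permit intra-interface
global (outside) 2 interface
nat (outside) 1 10.10.50.0 255.255.255.0
"""
TUNNELED_OK = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 0.0.0.0 0.0.0.0 10.10.1.1 tunneled
"""

NAT_RE = re.compile(r"^nat \(outside\) (\d+) \S+ \S+")
GLOBAL_RE = re.compile(r"^global \(outside\) (\d+) \S+")
TUNNELED_RE = re.compile(r"^route inside 0\.0\.0\.0 0\.0\.0\.0 (\S+) tunneled$")


def audit_full_tunnel(config):
    """Return (design, missing) for the two designs described in the reply."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Design 2: tunneled default route sends decrypted VPN traffic to the inside.
    if any(TUNNELED_RE.match(ln) for ln in lines):
        return "tunneled-inside", []
    # Design 1: VPN traffic hairpins back out of the outside interface.
    missing = []
    if "same-security-traffic permit intra-interface" not in lines:
        missing.append("same-security-traffic permit intra-interface")
    nat_ids = {m.group(1) for ln in lines if (m := NAT_RE.match(ln))}
    global_ids = {m.group(1) for ln in lines if (m := GLOBAL_RE.match(ln))}
    if not nat_ids:
        missing.append("nat (outside) for the VPN pool")
    elif not nat_ids & global_ids:
        # The nat ID must match a global statement on the same interface.
        missing.append("global (outside) with sequence " + "/".join(sorted(nat_ids)))
    return ("hairpin-outside", []) if not missing else (None, missing)


if __name__ == "__main__":
    for name in ("HAIRPIN_OK", "HAIRPIN_NO_GLOBAL", "TUNNELED_OK"):
        print(name, audit_full_tunnel(globals()[name]))
```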
