Solved: AnyConnect external website access

Shaun Michelson · ‎11-16-2010

Guys, I'm trying to allow AnyConnect VPN clients to access external internet sites through the ASA (no split tunneling). In other words, I want users connected over VPN to be able to access the internal network, as well as be able to access external websites by having that traffic tunneled first to the ASA and then out to the internet. I've tried following the suggestions mentioned in this thread, but not no luck. Specifically, I've tried adding this nat statement:

nat (outside) 1 192.168.30.0 255.255.255.0

as well as this one:

nat (outside) 1 192.168.30.0 255.255.255.0 outside

Originially I had no "nat (outside)" statement. Not able to access outside sites in any of these three cases. I have no trouble accessing the inside network when connected. I've issued the sysopt connection permit-vpn command to ignore interface access-lists for vpn users. Config is attached (scrubbed). Any help would be greatly appreciated.

Cory Peterson · ‎11-16-2010

Change this line: nat (outside) 1 192.168.30.0 255.255.255.0 outside

To: nat (outside) 1 192.168.30.0 255.255.255.0

global (outside) 1 interface will associate the NAT to the outside interface.

Also be sure you have traffic allowed between hosts connected on the same interface with this command:

same-security-traffic permit intra-interface

View solution in original post

Cory Peterson · ‎11-16-2010

Change this line: nat (outside) 1 192.168.30.0 255.255.255.0 outside

To: nat (outside) 1 192.168.30.0 255.255.255.0

global (outside) 1 interface will associate the NAT to the outside interface.

Also be sure you have traffic allowed between hosts connected on the same interface with this command:

same-security-traffic permit intra-interface

Shaun Michelson · ‎11-17-2010

Dude, you rock. The same-security-traffic permit intra-interface command appears to have been the hang-up! I'll buy you a drink next time you're in Virginia, ha!

Cory Peterson · ‎11-17-2010

Your Welcome!

Thanks for rating!