Guys, I'm trying to allow AnyConnect VPN clients to access external internet sites through the ASA (no split tunneling). In other words, I want users connected over VPN to be able to access the internal network, as well as be able to access external websites by having that traffic tunneled first to the ASA and then out to the internet. I've tried following the suggestions mentioned in thisthread, but not no luck. Specifically, I've tried adding this nat statement:
Originially I had no "nat (outside)" statement. Not able to access outside sites in any of these three cases. I have no trouble accessing the inside network when connected. I've issued the sysopt connection permit-vpn command to ignore interface access-lists for vpn users. Config is attached (scrubbed). Any help would be greatly appreciated.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...