Hello, I am trying to figure out how to force all traffic from remote VPN users to go through the VPN tunnel for internet access and have run into a road block. Right now, I have split tunneling working for one profile and the other profile is to force all traffic through the VPN. I have the same-security features enabled and I think I am stuck on the NAT side of it. What sort of NAT settings do I need to allow this hairpinning? My ACL allows any source to any outbound, FYI.
What version of code?
Using an example of 10.2.3.0 as your VPN subnet.
8.2 and below:
nat (outside) 1 10.2.3.0 255.255.255.0
global (outside) 1 interface (or PAT IP)

8.3 and above:
object network VPN-Pool
 subnet 10.2.3.0 255.255.255.0
 nat (outside,outside) dynamic interface
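For reference, here is an added ASA 9.x configuration (not from the reply above or from Cisco documentation) that puts the hairpin NAT together with the two group policies the question describes: one tunnel-all profile and one split-tunnel profile. Only the 10.2.3.0/24 pool comes from the reply; the object, policy, pool and ACL names and the 192.168.1.0/24 inside subnet are assumptions.

```cisco
! Added example (not from the thread): ASA 9.x hairpin of VPN client Internet
! traffic back out the outside interface. All names and the inside subnet are assumed.

! 1. Allow a packet to enter and leave the same interface (outside -> outside).
same-security-traffic permit intra-interface

! 2. Address pool handed to remote-access clients (10.2.3.0/24 as in the reply).
ip local pool VPN-POOL 10.2.3.1-10.2.3.254 mask 255.255.255.0

! 3. Object (auto) NAT: PAT the pool to the outside interface address when a
!    client packet re-enters outside and leaves via outside again.
object network VPN-Pool
 subnet 10.2.3.0 255.255.255.0
 nat (outside,outside) dynamic interface

! 4. Keep inside <-> VPN traffic untranslated. This manual rule sits in NAT
!    section 1, so it is evaluated before the object NAT in step 3.
object network INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static INSIDE-LAN INSIDE-LAN destination static VPN-Pool VPN-Pool no-proxy-arp route-lookup

! 5. Group policy for the "force everything through the tunnel" profile.
group-policy TUNNELALL-Policy internal
group-policy TUNNELALL-Policy attributes
 split-tunnel-policy tunnelall
 address-pools value VPN-POOL

! 6. Group policy for the split-tunnel profile, shown for contrast: only the
!    inside subnet is sent through the tunnel, so no hairpin NAT is involved.
access-list SPLIT-ACL standard permit 192.168.1.0 255.255.255.0
group-policy SPLIT-Policy internal
group-policy SPLIT-Policy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACL
 address-pools value VPN-POOL
```

Step 3 is the part the question asks about: with `(outside,outside)` the ASA translates the client's pool address to the outside interface address on the second pass through the interface, which is what lets the return traffic from the Internet find its way back into the tunnel. Step 4 matters when the same box also serves the split-tunnel profile; without the exemption ahead of it, the hairpin PAT could catch inside-bound VPN traffic too.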
Hi Johnston, thanks for the help! It is for version 9.x and I have configured the NAT. I am going to give that a shot and try it. Thanks,
I just made the change and no luck. Any thoughts as to where I might look to test? I ran the packet tracer and set it up with the following:
interface - outside
source ip - vpn pool ip address
dest ip - google.com
reverse path failure is the result...
Drop-reason: (rpf-violated) Reverse-path verify failed
Shouldn't these commands fix this?
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
I don't want to disable RPF on the outside interface if I don't have to.
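As an added set of checks (not part of the thread, and not a diagnosis of this particular firewall), these are the exec commands a practitioner would run on an ASA 9.x to test the hairpin path. They assume a client is already connected with the tunnel-all profile and holds 10.2.3.5 from the pool, and that the object is named VPN-Pool as in the reply above; 8.8.8.8 is used only as an arbitrary Internet address. The reverse-path check is made against the routing table, and the ASA only installs a host route for a pool address while a client holding that address is connected, so the first command is the one to look at before reading anything into a packet-tracer result.

```cisco
! Added example (not from the thread): verification on ASA 9.x with one
! tunnel-all client connected as 10.2.3.5 (assumed address).

! 1. The ASA adds a host route for each connected VPN client. If the address
!    is missing here, an outside-sourced packet from it cannot pass RPF.
show route | include 10.2.3.5

! 2. Confirm the hairpin rule exists and watch its translate_hits counter.
show nat detail | begin VPN-Pool

! 3. Trace a client packet that re-enters outside bound for the Internet.
!    With the client connected and the (outside,outside) NAT in place this
!    should reach the NAT phase and end with "Action: allow".
packet-tracer input outside tcp 10.2.3.5 12345 8.8.8.8 443 detailed

! 4. After the client browses, the live PAT entry should appear here.
show xlate | include 10.2.3.5

! 5. Confirm the same-security setting is actually in the running config.
show running-config same-security-traffic
```

Running `packet-tracer` with a pool address while no client is connected is the common way to get an rpf-violated drop that has nothing to do with the NAT configuration, so step 1 should come before step 3.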