I just created a Remote Access VPN, and I can connect to the VPN via RADIUS. However, I cannot connect to any of the networks behind the ASA. I have tried with and without split-tunneling, to no avail. I have no problem connecting; it's just that none of the traffic is being encrypted/sent back to the client.
Here is the config.
access-list INSIDE-TRUSTED_nat0_outbound extended permit ip any 10.118.0.0 255.255.255.0
access-list OUTSIDE-UNPROTECTED_cryptomap_dyn_20 extended permit ip any 10.118.0.0 255.255.255.0
Also presumably your IP pool is 10.118.0.0/24, so you need to make sure your inside network/hosts have a route that points this network back to the inside interface of the PIX. Also make sure the PIX has a route pointing this network out its outside interface as follows:
I have got it working now; I had some statics pointing to the wrong device. For the Internet, I do not want to use split-tunneling. If I use the route outside interface to the Internet, isn't that saying I am trying to use split-tunneling?
I guess the command "route OUTSIDE_UNPROTECTED 10.118.0.0 255.255.255.0 " is only required if, and only if, the default gateway of the ASA is not set to the outside interface (i.e. the Internet router).
Further, applying the route statement as above will not enable split tunneling. In order to configure this feature, an ACL needs to be created and applied by using command "split-tunnel".
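On the ASA, split tunneling is a group-policy setting pushed to the client, so a route statement does not turn it on or off. As an added example (not taken from any poster's configuration), here are the full-tunnel and split-tunnel group-policy settings side by side; the policy name RA-VPN-POLICY, the ACL name SPLIT-TUNNEL-ACL and the 192.168.10.0/24 inside network are assumed placeholders.

```cisco
! Constructed example: RA-VPN-POLICY, SPLIT-TUNNEL-ACL and 192.168.10.0/24
! are placeholders, not values from this thread.
!
! --- Option A: full tunnel (the default behaviour) ---
! The client sends ALL traffic, Internet included, through the VPN.
! Static routes on the ASA only decide where the ASA forwards packets;
! they do not change what the client encrypts.
group-policy RA-VPN-POLICY internal
group-policy RA-VPN-POLICY attributes
 split-tunnel-policy tunnelall
!
! --- Option B: split tunnel ---
! Only destinations permitted by the standard ACL are sent through the VPN.
! Everything else leaves the client over its local connection, outside the
! tunnel and outside any inspection done at the ASA.
access-list SPLIT-TUNNEL-ACL standard permit 192.168.10.0 255.255.255.0
group-policy RA-VPN-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-ACL
!
! --- Check which setting is in effect ---
! show running-config group-policy RA-VPN-POLICY
```

With Option A, a missing `split-tunnel-policy` line in the running configuration means the default (tunnel all) applies.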