
New Member

SSL VPN IOS no split-tunnel with internet

Configuration below. I have CEF turned off, trying to get internet access for SSL VPN clients without split-tunnel. How do I accomplish this with IOS VPN?

Thanks.

webvpn gateway gateway_1
 ip address
 http-redirect port 80
 ssl trustpoint TP-self-signed-614248518
 inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.4.1012-k9.pkg sequence 1
!
webvpn context 2821ssl
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "SSLVPNPOOL"
   svc keep-client-installed
 virtual-template 3
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 gateway gateway_1
 inservice

1 REPLY
Cisco Employee

Re: SSL VPN IOS no split-tunnel with internet

You would need to configure "ip nat inside" on the virtual template for the SSL VPN. The access-list that matches the NAT translation should deny traffic between the internal network and the IP pool subnet, and permit the IP pool subnet to any (internet).
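
A sketch of the NAT configuration the reply describes, added here as an example and not taken from the thread or from Cisco documentation. The subnets, the outside interface name and the ACL name are constructed placeholders; Virtual-Template3 is the template referenced by `virtual-template 3` in the posted context.

```cisco
! Added example. Constructed values (not from the thread):
!   192.168.1.0/24      internal LAN
!   192.168.50.0/24     addresses handed out from SSLVPNPOOL
!   GigabitEthernet0/1  Internet-facing interface
!   SSLVPN-NAT          ACL name
!
ip access-list extended SSLVPN-NAT
 ! Traffic between the LAN and the VPN pool must not be translated,
 ! otherwise replies to VPN clients leave with the wrong source address.
 deny   ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 ! VPN clients going anywhere else are translated to the outside address.
 permit ip 192.168.50.0 0.0.0.255 any
!
! Tunnelled client traffic enters the router on the virtual template,
! so that is the NAT "inside" interface for the pool.
interface Virtual-Template3
 ip nat inside
!
interface GigabitEthernet0/1
 ip nat outside
!
ip nat inside source list SSLVPN-NAT interface GigabitEthernet0/1 overload
!
! Verification after a client connects and browses:
!   show ip nat translations   (expect entries sourced from 192.168.50.x)
!   show access-lists SSLVPN-NAT   (hit counters on both entries)
```

If the router already translates the LAN with its own NAT access-list, the same deny and permit entries can be placed in that list instead of creating a second one.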
