VPN Client internet access

ANGELO DE MASI
Level 1

Hi,

I need to make users connected with the VPN client to the central office's LAN go to the internet using the central office's internet connection. I mean without having split-tunnel and without using an internal proxy. I would like to know if it is possible with PIX or ASA. I think it's like having traffic go in and out of the firewall using the same outside interface. Thank you very much in advance for your appreciated support.

Best regards

Angelo

Accepted Solutions

Jennifer Halim
Cisco Employee

Yes, definitely can.

You would need to configure the following:

same-security-traffic permit intra-interface

Plus, assuming that you already have "global (outside) 1 interface", you can configure the following:

nat (outside) 1

For example: if the ip pool subnet for the vpn client is 192.168.100.0/24, then the following:

nat (outside) 1 192.168.100.0 255.255.255.0

Hope that helps.
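
An added example, not part of the original thread and not Cisco tooling: a small Python check that a saved configuration contains the three statements the accepted answer relies on, and that the NAT ID and the VPN pool subnet line up on the same interface. The sample configuration and the function name `audit_hairpin` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (pre-8.3 NAT syntax, as used in the answer above).
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
nat (outside) 1 192.168.100.0 255.255.255.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) interface$")


def audit_hairpin(config, vpn_pool, iface="outside"):
    """Return a list of findings; an empty list means the statements line up."""
    pool = ipaddress.ip_network(vpn_pool)
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("intra-interface traffic is not permitted")

    # NAT IDs that have a PAT-to-interface global on the egress interface.
    global_ids = {m.group(2) for m in map(GLOBAL_RE.match, lines)
                  if m and m.group(1) == iface}
    if not global_ids:
        findings.append(f"no 'global ({iface}) <id> interface' statement")

    # NAT statements on the same interface whose network contains the whole pool.
    covering = []
    for m in filter(None, map(NAT_RE.match, lines)):
        if m.group(1) != iface:
            continue
        net = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False)
        if pool.subnet_of(net):
            covering.append(m.group(2))
    if not covering:
        findings.append(f"no 'nat ({iface})' statement covers pool {pool}")
    elif global_ids and not global_ids & set(covering):
        findings.append(f"nat ({iface}) id does not match any global ({iface}) id")
    return findings
```
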

Hi, thanks a lot for your right advice.

Regards

angelo

PS: Does it also mean that I could also make a VPN connection on my firewall starting from the inside? I mean just for testing purposes. Thanks.

As far as routing is concerned, if you connect to the ASA inside interface, it would be different to when you are connecting to the outside interface.

When connecting to the outside, the VPN Pool would be routed to the outside interface, and when connecting to the inside interface, now the VPN Pool would be routed to the inside interface, hence the NAT statement will also change to the inside interface instead of outside.

It will not be a true test of when VPN is connected via the outside interface.

Ok it's all perfectly clear. Thank you very much. So the only way to test VPN connectivity is to have another internet connection.

Regards

angelo
