VPN Internet Access ASA5520

cisconoobie
Level 2

Right now my VPN works great, it connects the user to the network but it stops them from using the internet.

How can I set ASA5520 to force users to use their personal internet vs. the company's Internet through the VPN tunnel?

1 Accepted Solution


I agree with Jay's advice about the implications of split tunneling and the potential threat to your network.

With the ASA and version 7 code you do not necessarily need the proxy server. In PIX code pre 7 versions the PIX would not forward traffic out the same interface that it arrived on. With version 7 code (both for PIX and for ASA) it is possible to configure it so that it will forward out the interface on which it was received. So while a proxy server might be a good thing it is no longer required.

HTH

Rick


2 Replies

jmia
Level 7

You will need to set up split-tunneling on your ASA; take a look here:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Word of advice: from a security point it is not a good idea to give remote VPN client users access to the internet whilst they are connected to your internal LAN via the VPN client. A better solution is to allow the VPN clients to access the internet via an internal proxy server, i.e. force the remote users' IE to use your internal proxy server!

Hope this helps and please rate post.

Jay
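
The two options discussed in this thread, as an added configuration sketch in ASA/PIX 7.x syntax that was not posted by any participant: split tunneling as Jay describes, and the tunnel-all setup that relies on the same-interface forwarding Rick describes. The group-policy name, ACL name, interface name `outside`, internal LAN 10.1.1.0/24 and VPN address pool 192.168.100.0/24 are assumed values.

```text
! Added example, not from the thread. All names and subnets are assumptions.
! Assumed: group-policy REMOTE_VPN already exists and is applied to the
! remote-access tunnel group; the VPN pool is 192.168.100.0/24.

! ---- Option A: split tunneling (what the question asks for) ----
! Only traffic to the listed internal network enters the tunnel; all other
! traffic leaves through the user's own Internet connection, uninspected.
access-list SPLIT_TUNNEL standard permit 10.1.1.0 255.255.255.0
group-policy REMOTE_VPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! ---- Option B: tunnel everything, Internet via the ASA (7.x and later) ----
! All client traffic enters the tunnel. Internet-bound traffic arrives on
! the outside interface and is sent back out the same interface, so it
! stays subject to the ASA's policy while the client is on the internal LAN.
same-security-traffic permit intra-interface
group-policy REMOTE_VPN attributes
 split-tunnel-policy tunnelall
! Translate the VPN pool to the outside interface address for Internet access.
nat (outside) 1 192.168.100.0 255.255.255.0
global (outside) 1 interface

! ---- Check which policy is in effect ----
! show running-config group-policy REMOTE_VPN
! show running-config same-security-traffic
```

Use one option or the other for a given group-policy; the `nat`/`global` form shown applies to software versions before 8.3, which changed the NAT syntax.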
