New Member

VPN Internet Access ASA5520

Right now my VPN works great; it connects the user to the network, but it stops them from using the internet.

How can I set the ASA5520 to force users to use their personal internet vs. the company's Internet through the VPN tunnel?

1 ACCEPTED SOLUTION

Hall of Fame Super Silver

Re: VPN Internet Access ASA5520

I agree with Jay's advice about the implications of split tunneling and the potential threat to your network.

With the ASA and version 7 code you do not necessarily need the proxy server. In PIX code pre 7 versions the PIX would not forward traffic out the same interface that it arrived on. With version 7 code (both for PIX and for ASA) it is possible to configure it so that it will forward out the interface on which it was received. So while a proxy server might be a good thing it is no longer required.

HTH

Rick

2 REPLIES
Gold

Re: VPN Internet Access ASA5520

You will need to set up split tunneling on your ASA; take a look here:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Word of advice: from a security point it is not a good idea to give remote VPN client users access to the internet whilst they are connected to your internal LAN via the VPN client. A better solution is to allow the VPN clients to access the internet via an internal proxy server, i.e. force the remote users' IE to use your internal proxy server!

Hope this helps and please rate post.

Jay
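
The two approaches discussed in this thread, split tunneling and sending client Internet traffic back out the interface it arrived on, are sketched below as an added example that is not taken from any of the posts. It assumes ASA 7.x-era syntax (pre-8.3 NAT); the group-policy name, ACL name, pool range and internal subnet are constructed placeholders.

```cisco
! Constructed sample values (assumptions, not from the thread):
!   internal LAN     10.0.1.0/24
!   VPN client pool  192.168.10.0/24
!   group policy     REMOTE_USERS
ip local pool VPNPOOL 192.168.10.1-192.168.10.254 mask 255.255.255.0
group-policy REMOTE_USERS internal

! --- Option A: split tunneling ---
! Only traffic to the internal LAN is encrypted; everything else leaves
! through the user's own Internet connection, outside the firewall's
! inspection and logging. This is the exposure the replies warn about.
access-list SPLIT_TUNNEL standard permit 10.0.1.0 255.255.255.0
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! --- Option B: tunnel everything, forward Internet traffic back out ---
! All client traffic enters the tunnel. The ASA is allowed to forward it
! out the same interface it arrived on and translates the pool addresses
! to the outside interface address, so firewall policy still applies.
same-security-traffic permit intra-interface
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelall
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface
```

Apply only one of the two options to a given group policy; after connecting, the client's route table shows which networks are actually sent through the tunnel.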
