Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

When connected VPN client cannot access internet?

Dear All,

I would like to ask you some question about VPN client as below that:

on my system i have ASA 5520 and switch 3560. on cisco switch 3560 i do Vlan.

on configure VPN client i can connect to ASA 5520 but i have some problem:

1- when Client connected already, so my PC cannot access internet but i can ping to local. so what is the problem?

2-when client connected already, my PC (outside that use VPN client ) can ping some Vlan but my configuration allow access already but i don't know that wrong?

Please help to solve my issue!!!

Best Regards,


Cisco Employee

Re: When connected VPN client cannot access internet?


It doesn't sound like you have split tunneling configured correctly:  ie, when you connect, all traffic (including internet) *has* to go over the VPN, and unless you configure it properly there, it won't get sent out to the internet.

The easiest way to fix this is to only send traffic behind the VPN firewall over the VPN, and let your internet connectivity use your local connection without going over the VPN.  This is called split tunneling.  Try configuring it using the link below.

If you still have problems, try attaching the configuration of your firewall to you next message and we'll take a look at what could be happening.


Cisco Employee

Re: When connected VPN client cannot access internet?


Sounds like you do not have an outside nat configuration line on the

firewall. Please try the following:

global (outside) 1 interface -- You can use the existing global

nat (outside) 1

same-security-traffic permit intra-interface

This will ensure that the internet traffic gets Hair-pinned and sent to


Hope this helps.



CreatePlease to create content