Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
249
Views
4
Helpful
2
Replies

routing for an asa5510

Go to solution
rhltechie
Level 1
Level 1

‎03-14-2006 07:48 AM - edited ‎03-03-2019 12:03 PM

Hi all,

A quick question about routing on a asa5510. If i have users coming into an interface for vpn, and that interface also being the interface that connects to the internet, how is it that i allow my vpn users to use the internet( that i provide, no split tunnel)as the asa doesn't support a packet in/out a single interface? I understand that the pix works this way as well? forgive me as i am new to pix/asa.

Thanks,

R

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jackko
Level 7
Level 7

‎03-14-2006 10:49 PM

with asa or pix v7.x, it is feasible to redirect internet traffic without configuring split tunneling.

for instance, all traffic originated from a vpn client software host is encrypted and sent to the asa. asa receives, determines the packet is destined for internet. asa will then forward the packet back to the internet.

have a look at this cisco doc, it provides a detail configuration example for redirecting internet traffic for software client:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml#diag

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pkhatri
Level 11
Level 11

‎03-14-2006 03:16 PM

I'm not an expert on the ASA either but one suggestion would be to get the users to access the Internet through a proxy server sitting on your inside network. That will mean that a completely new packet will be generated by the proxy and you won't have the problem of a packet going out the interface it came in on.

Paresh

Go to solution
jackko
Level 7
Level 7

‎03-14-2006 10:49 PM

with asa or pix v7.x, it is feasible to redirect internet traffic without configuring split tunneling.

for instance, all traffic originated from a vpn client software host is encrypted and sent to the asa. asa receives, determines the packet is destined for internet. asa will then forward the packet back to the internet.

have a look at this cisco doc, it provides a detail configuration example for redirecting internet traffic for software client:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml#diag

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card