03-14-2006 07:48 AM - edited 03-03-2019 12:03 PM
Hi all,
A quick question about routing on an ASA 5510. If I have users coming into an interface for VPN, and that interface is also the interface that connects to the internet, how is it that I allow my VPN users to use the internet (that I provide, no split tunnel), as the ASA doesn't support a packet in/out a single interface? I understand that the PIX works this way as well? Forgive me as I am new to PIX/ASA.
Thanks,
R
03-14-2006 03:16 PM
I'm not an expert on the ASA either but one suggestion would be to get the users to access the Internet through a proxy server sitting on your inside network. That will mean that a completely new packet will be generated by the proxy and you won't have the problem of a packet going out the interface it came in on.
Paresh
03-14-2006 10:49 PM
With ASA or PIX v7.x, it is feasible to redirect internet traffic without configuring split tunneling.
For instance, all traffic originating from a VPN client software host is encrypted and sent to the ASA. The ASA receives it and determines the packet is destined for the internet. The ASA will then forward the packet back to the internet.
Have a look at this Cisco doc; it provides a detailed configuration example for redirecting internet traffic for the software client:
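The hairpin behaviour described in the reply above, as an added configuration sketch for ASA/PIX 7.x that is not part of the original thread or of the Cisco document it refers to. The pool name, group-policy name and address range are assumptions chosen for illustration.

```cisco
! Constructed example for ASA/PIX 7.x. VPNPOOL, VPNGROUP and
! 192.168.10.0/24 are placeholders, not values from the thread.
!
! Permit traffic to enter and leave the same interface. Without this,
! decrypted VPN traffic arriving on outside cannot be sent back out outside.
same-security-traffic permit intra-interface
!
! Address pool assigned to remote-access VPN clients.
ip local pool VPNPOOL 192.168.10.1-192.168.10.254 mask 255.255.255.0
!
! Translate the VPN pool to the outside interface address when the
! decrypted traffic is forwarded to the internet.
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface
!
! Send all client traffic through the tunnel (no split tunnel).
group-policy VPNGROUP internal
group-policy VPNGROUP attributes
 split-tunnel-policy tunnelall
```

Because all client internet traffic now transits the ASA, any outbound filtering or logging applied on the outside interface also covers the VPN users. The `nat`/`global` pair is the pre-8.3 NAT syntax that matches the 7.x software discussed in the thread.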