Cisco ASA SSL VPN
Hi,
I have a Cisco ASA 5510. We have setup an SSL VPN using client download. When the user connects to the SSL VPN they can browse and ping all resources on the internal network and use internal DNS, but they can no longer use the internet. When loading websites the browser session just times out.
When I rund CMD prompt I pinging to www.google.com resolves to an IP address, but does not reply, same with tracert, it resolves but never reaches the google server.
I think this could be an issue with split tunneling/DNS. The fact that users can access all network resources, but cannot get out on the internet tells me that they are trying to come through the tunnel to use their local internet connection. How would I change this?
Any help would be much appreciated.
Thanks
Neo3998
I have a Cisco ASA 5510. We have setup an SSL VPN using client download. When the user connects to the SSL VPN they can browse and ping all resources on the internal network and use internal DNS, but they can no longer use the internet. When loading websites the browser session just times out.
When I rund CMD prompt I pinging to www.google.com resolves to an IP address, but does not reply, same with tracert, it resolves but never reaches the google server.
I think this could be an issue with split tunneling/DNS. The fact that users can access all network resources, but cannot get out on the internet tells me that they are trying to come through the tunnel to use their local internet connection. How would I change this?
Any help would be much appreciated.
Thanks
Neo3998
ASKER
Hi,
I am making changes via ASDM as I am not too great with Cisco command line. How would I make these changes using this method?
Thanks
Neo3998
I am making changes via ASDM as I am not too great with Cisco command line. How would I make these changes using this method?
Thanks
Neo3998
I never use ASDM, cant tell you. Maybe someone else here can fill the gap? Unless you post the config here. This can be extracted from asdm from any of the top-menus in the gui.
/Kvistofta
/Kvistofta
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks very much :)
1) Nat for outside traffic to outside.Like:
nat (outside) 1 10.0.0.0 255.255.255.0 where the ip network is your vpn client pool)
global (outside) 1 1.2.3.4 (where 1.2.3.4 is a public ip.
2) Is there any split-tunnel-policy defined in the group-policy?
3) Add "same security permit-intra-interface"
Verify these steps, if it still doesnt work please post your sanitized config here for investigation.
/Kvistofta