?
Solved

Cisco ASA SSL VPN

Posted on 2010-09-09
5
Medium Priority
?
671 Views
Last Modified: 2013-11-13
Hi,

I have a Cisco ASA 5510.  We have setup an SSL VPN using client download.  When the user connects to the SSL VPN they can browse and ping all resources on the internal network and use internal DNS, but they can no longer use the internet.  When loading websites the browser session just times out.

When I rund CMD prompt I pinging to www.google.com resolves to an IP address, but does not reply, same with tracert, it resolves but never reaches the google server.  

I think this could be an issue with split tunneling/DNS.  The fact that users can access all network resources, but cannot get out on the internet tells me that they are trying to come through the tunnel to use their local internet connection.  How would I change this?  

Any help would be much appreciated.  

Thanks

Neo3998
0
Comment
Question by:neo3998
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33635667
Verify this:

1) Nat for outside traffic to outside.Like:
nat (outside) 1 10.0.0.0 255.255.255.0 where the ip network is your vpn client pool)
global (outside) 1 1.2.3.4 (where 1.2.3.4 is a public ip.

2) Is there any split-tunnel-policy defined in the group-policy?

3) Add "same security permit-intra-interface"

Verify these steps, if it still doesnt work please post your sanitized config here for investigation.

/Kvistofta
0
 
LVL 2

Author Comment

by:neo3998
ID: 33635981
Hi,

I am making changes via ASDM as I am not too great with Cisco command line.  How would I make these changes using this method?  

Thanks

Neo3998
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33636080
I never use ASDM, cant tell you. Maybe someone else here can fill the gap? Unless you post the config here. This can be extracted from asdm from any of the top-menus in the gui.

/Kvistofta
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 33636814
0
 
LVL 2

Author Closing Comment

by:neo3998
ID: 33644745
Thanks very much :)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question