dufff
asked on
Cisco VPN Client
Is it possible to have one user on the Cisco VPN client tunnel all internet requests through the tunnel instead of their local network?
Yes. It is possible.
ASKER
Can you explain how to do it? We have a Cisco ASA 5520 that terminates the VPN clients
Change ACL for crypto match to all traffic (0.0.0.0 0.0.0.0), then
same-security-traffic permit intra-interface
To enable hairpinning
ASKER
Will this send all clients' web traffic through the tunnel? I am just looking to have one client's web traffic go through the tunnel and all the rest through their own network.
Yes. I doubt this is possible for just one client.
How do you imagine the ASA will identify this client? Source IP? Do they always hit the VPN from one location?
If the one client needs this, you could give them a small ASA and create a tunnel to that ASA that handles all the traffic.
ASKER
Yes, it would be from the same location. If the IP is always the same, could it be configured on the ASA?
Probably not with the client but with an ASA on each side, yes.
I presume that this is the IPSec client, not the AnyConnect client.
You need to create a new group for this user, and then not enable split tunnelling on that group.
Are you configuring this through ASDM or the CLI?
ASKER
ASDM
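The approach suggested in the replies above (a separate group for the one user with split tunnelling not enabled, plus hairpinning on the outside interface), as an added CLI example that is not part of the original thread. It assumes ASA 8.4 or later syntax, local user authentication and an interface named outside; the names FULLTUNNEL-GP, jdoe and VPN-POOL-NET and the 10.99.0.0/24 pool are hypothetical placeholders.

```cisco
! Added example, not from the thread. All names and addresses are
! constructed placeholders; adapt them to the running configuration.

! 1. Group policy for the single full-tunnel user.
!    tunnelall sends every destination through the tunnel, unlike the
!    tunnelspecified policy the other clients keep.
group-policy FULLTUNNEL-GP internal
group-policy FULLTUNNEL-GP attributes
 split-tunnel-policy tunnelall
 ! Assumed internal resolver, so DNS lookups also stay inside the tunnel.
 dns-server value 10.99.0.53

! 2. Bind only this user to the full-tunnel policy. Other users stay on
!    the default group policy of their tunnel group and keep split
!    tunnelling. (Assumes the user is defined in the local database.)
username jdoe attributes
 vpn-group-policy FULLTUNNEL-GP

! 3. Hairpinning: allow traffic to enter and leave the same interface,
!    as given in the reply above.
same-security-traffic permit intra-interface

! 4. Translate the VPN pool to the outside address for internet-bound
!    traffic. Without this the hairpinned packets leave with private
!    source addresses and replies never return.
!    (8.3+ object NAT syntax; 10.99.0.0/24 stands in for the existing
!    VPN address pool.)
object network VPN-POOL-NET
 subnet 10.99.0.0 255.255.255.0
 nat (outside,outside) dynamic interface

! 5. Check what the policy resolved to.
show running-config group-policy FULLTUNNEL-GP
```

With the user on a full tunnel, their internet traffic is subject to the ASA's outside access rules and inspection, so confirm those rules permit only what that user should reach.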