
Cisco VPN Client

Posted on 2011-10-06
Last Modified: 2013-08-29
Is it possible to have one user on the Cisco VPN client tunnel all internet requests through the tunnel instead of their local network?
Question by:dufff
10 Comments
 
LVL 20

Expert Comment

by:RPPreacher
ID: 36924845
Yes.  It is possible.
0
 

Author Comment

by:dufff
ID: 36924853
Can you explain how to do it? We have a Cisco ASA 5520 that terminates the VPN clients
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 36924878
Change ACL for crypto match to all traffic (0.0.0.0 0.0.0.0), then

same-security-traffic permit intra-interface

To enable hairpinning
0

 

Author Comment

by:dufff
ID: 36924900
Will this send all clients' web traffic through the tunnel? I am just looking to have one client's web traffic go through the tunnel and all the rest through their own network.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 36925176
Yes.  I doubt this is possible for just one client.

How do you imagine the ASA will identify this client?  Source IP?  Do they always hit the VPN from one location?

If the one client needs this, you could give them a small ASA and create a tunnel to that ASA that handles all the traffic.
0
 

Author Comment

by:dufff
ID: 36925331
Yes, it would be from the same location. If the IP is always the same, could it be configured on the ASA?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 36925557
Probably not with the client but with an ASA on each side, yes.
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 36926175
I presume that this is the IPSec client not the Anyconnect client.

You need to create a new group for this user, and then not enable split tunnelling on that group.

Are you configuring this through ASDM or the CLI?
0
 

Author Comment

by:dufff
ID: 36926746
ASDM
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 2000 total points
ID: 36926869
Go to Remote Access VPN

Expand Network (Client) Access

Open IPSec (IKEv1) Connection Profiles
Open the existing connection profile, note the Group Policy used

Open Group Policies
Create a new group policy that matches the group policy that is in use
In the group policy go to Advanced then Split Tunnelling
Set the policy to Tunnel All Networks
Apply the group policy changes

Go back to IPSec (IKEv1) Connection Profiles
Add a new Remote Access Connection Profile
Give it a name and configure the Pre-Shared Key
Configure User Authentication in the same way as the existing
Set the group policy to be the one that you just created

Use the IPSec client to create a new .prf file and replace the existing .prf file on the user's computer
0
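
The ASDM steps in the accepted solution correspond roughly to the CLI configuration below, with the hairpinning command from the earlier comment included. This is an added example, not part of the original thread; it assumes ASA 8.4 or later with the VPN terminating on an interface named outside, and every policy name, ACL name, pool name, address and key shown is a placeholder.

```cisco
! Constructed example. All names, addresses and keys are placeholders.

! Existing policy, shown only for comparison: split tunnelling is enabled,
! so only networks listed in SPLIT-ACL go through the tunnel.
group-policy EXISTING-GP internal
group-policy EXISTING-GP attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACL
 dns-server value 192.0.2.53

! New policy for the one user: same settings, but every destination is
! tunnelled (ASDM: Advanced > Split Tunnelling > Tunnel All Networks).
group-policy FULLTUNNEL-GP internal
group-policy FULLTUNNEL-GP attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelall
 dns-server value 192.0.2.53

! New connection profile (tunnel group) with its own pre-shared key,
! authenticating the same way as the existing profile and bound to the
! new policy. The user's client profile must reference this group name.
tunnel-group FULLTUNNEL type remote-access
tunnel-group FULLTUNNEL general-attributes
 address-pool VPN-POOL
 authentication-server-group LOCAL
 default-group-policy FULLTUNNEL-GP
tunnel-group FULLTUNNEL ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>

! Internet-bound traffic from this client arrives on the outside interface
! and leaves by the same interface, so hairpinning must be permitted and
! the pool addresses translated on the way out.
same-security-traffic permit intra-interface
object network VPN-POOL-NET
 subnet 10.99.0.0 255.255.255.0
 nat (outside,outside) dynamic interface
```

After the user connects with the new profile, `show vpn-sessiondb remote` should list the session under the new group policy and tunnel group rather than the existing ones.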
