Solved

Cisco ASA 5510 doesn't allow web traffic through VPN

Posted on 2013-02-01
Last Modified: 2013-02-04
I understand it's a pretty vague question, but I inherited an already configured ASA 5510 at my current employer.  I am not a Cisco guru by any stretch and was hoping someone could help me figure out why web traffic is not allowed when you are connected via VPN to our ASA.  Is this default behavior or should I be looking for an ACL entry that denies this traffic?
Question by:joshparker
3 Comments
 

Assisted Solution

by:rauenpc
rauenpc earned 250 total points
There is probably no split tunnel applied to the VPN tunnel. A quick Google search for Cisco split tunnel will get you explanations and examples.

Accepted Solution

by:max_the_king
max_the_king earned 250 total points
Hi,
by default you aren't allowed to go out to the internet when in the VPN tunnel. As rauenpc suggested, you need to add split tunnel configuration:

create an access-list for your internal LAN (in my example, assuming it is 192.168.1.0/24)

access-list splittunnel standard permit 192.168.1.0 255.255.255.0

and in the group-policy attributes you need to add

split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittunnel

which references the access-list splittunnel

hope this helps
max
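
For anyone auditing an inherited ASA like the one in the question, this Python script (an added example, not part of the original answer and not Cisco tooling) reads a saved running-config and reports, for each group-policy, the split-tunnel policy and the networks its referenced access-list actually sends through the VPN. The sample config is constructed, the group-policy names and function names are hypothetical, and an unset policy is assumed to be the ASA default of tunnelall.

```python
import ipaddress
import re

# Constructed sample config; the group-policy names are hypothetical.
SAMPLE_CONFIG = """\
access-list splittunnel standard permit 192.168.1.0 255.255.255.0
group-policy RemoteUsers internal
group-policy RemoteUsers attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
group-policy Contractors attributes
 vpn-idle-timeout 30
group-policy Broken attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missingacl
"""

def acl_network(target):
    """Turn the address part of a standard ACL entry into CIDR notation."""
    words = target.split()
    if words[0] == "host":
        return str(ipaddress.ip_network(words[1] + "/32"))
    if words[0] in ("any", "any4"):
        return "0.0.0.0/0"
    return str(ipaddress.ip_network("/".join(words[:2]), strict=False))

def audit_split_tunnel(config):
    """Map each group-policy to (split-tunnel policy, networks sent through the VPN)."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        acl = re.match(r"access-list (\S+) standard permit (.+)$", line)
        grp = re.match(r"group-policy (\S+) attributes$", line)
        words = line.split()
        if acl:
            current = None
            acls.setdefault(acl.group(1), []).append(acl_network(acl.group(2)))
        elif grp:
            # Assumption: an unset policy is the ASA default, tunnelall.
            current = policies.setdefault(grp.group(1), {"policy": "tunnelall", "acl": None})
        elif not line.startswith(" "):
            current = None  # back at top level, outside group-policy sub-mode
        elif current is not None and len(words) >= 2:
            if words[0] == "split-tunnel-policy":
                current["policy"] = words[1]
            elif words[:2] == ["split-tunnel-network-list", "value"] and len(words) > 2:
                current["acl"] = words[2]
    # tunnelall ignores the network list; a missing ACL yields an empty list.
    return {name: (p["policy"], [] if p["policy"] == "tunnelall" else acls.get(p["acl"], []))
            for name, p in policies.items()}

if __name__ == "__main__":
    for name, (policy, nets) in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(f"{name}: {policy} {nets or '(no networks resolved)'}")
```

A tunnelspecified policy that resolves to no networks points at an access-list that does not exist in the config, and a resolved 0.0.0.0/0 means the list tunnels everything despite the split-tunnel setting.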

Author Closing Comment

by:joshparker
Thank you very much guys.  This is exactly what I needed.