Solved

Cisco ASA Remote Access VPN IPSec Non-split Tunnel

Posted on 2013-11-07
Last Modified: 2013-11-08
A friend is trying to set it up such that some of his users will send ALL of their traffic down the tunnel including Internet traffic down through the tunnel.  He's gotten it to the point where the tunnel allows access to internal resources.  But there is no Internet access.  What has to be configured so that the traffic will turn around and get out to the Internet and back to the tunneled user's PC?
Question by:amigan_99
8 Comments
 
LVL 99

Expert Comment

by:John Hurst
ID: 39632386
I do not understand your subject.

Set up the client profile to use split tunneling. That is the simplest way and it works. All the client has to do is to disable VPN to use internet and then hook the VPN back up when they need to work.

It is just easiest to permit split tunneling.

If your client insists, they have to provide a server at the remote end with IE on it. It will be pathetically slow, but it will work.

... Thinkpads_User
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632702
He does not want to permit split tunnel VPN - only non-split.  And even traffic to the Internet he wants to go first to the ASA and then go on its way to the Internet.  I have set this up in the past and was hoping someone here could give me the key steps to get it working without my pawing and experimenting.
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632727
Here is a discussion saying it is possible..

https://supportforums.cisco.com/thread/2187367

Not sure I get how this would be implemented with the ASDM
0

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39632765
You would need to configure NAT and this command

same-security-traffic permit intra-interface
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632783
So assuming a VPN pool 192.168.47.0 - the nat might look like..


global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside


??
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632784
Or

global (inside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside

?
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 2000 total points
ID: 39632786
global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39634546
Much appreciated!  It worked.
0
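The pieces named in this thread, collected into one configuration as an added example (not posted by any participant). The group-policy name RA-FULLTUNNEL and the object name VPN-POOL are hypothetical; 192.168.47.0/24 is the pool assumed in the thread, and the object NAT form for ASA 8.3 and later is included as the equivalent of the accepted solution's pre-8.3 commands.

```cisco
! Added example, not from the thread. RA-FULLTUNNEL and VPN-POOL are
! hypothetical names; 192.168.47.0/24 is the pool assumed in the thread.

! Send all client traffic into the tunnel (no split tunnel).
group-policy RA-FULLTUNNEL internal
group-policy RA-FULLTUNNEL attributes
 split-tunnel-policy tunnelall

! Allow traffic to enter and leave the same interface (outside -> outside),
! which is what Internet-bound traffic from a VPN client does.
same-security-traffic permit intra-interface

! --- Option A: pre-8.3 syntax, as in the accepted solution ---
! PAT the VPN pool to the outside interface address.
! The NAT ID (2) must be the same on both lines.
global (outside) 2 interface
nat (outside) 2 192.168.47.0 255.255.255.0

! --- Option B: ASA 8.3 and later (use instead of Option A) ---
! Object NAT replaces the global/nat pair.
object network VPN-POOL
 subnet 192.168.47.0 255.255.255.0
 nat (outside,outside) dynamic interface
```

With a client connected and browsing, `show xlate` should list translations for 192.168.47.x addresses mapped to the outside interface address.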


Question has a verified solution.
