• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco ASA Remote Access VPN IPSec Non-split Tunnel

A friend is trying to set it up such that some of his users will send ALL of their traffic down the tunnel including Internet traffic down through the tunnel.  He's gotten it to the point where the tunnel allows access to internal resources.  But there is no Internet access.  What has to be configured so that the traffic will turn around and get out to the Internet and back to the tunneled user's PC?
Asked by: amigan_99

John (Business Consultant, Owner) commented:
I do not understand your subject.

Set up the client profile to use split tunneling. That is the simplest way and it works. All the client has to do is to disable VPN to use internet and then hook the VPN back up when they need to work.

It is just easiest to permit split tunneling.

If your client insists, they have to provide a server at the remote end with IE on it. It will be pathetically slow, but it will work.

... Thinkpads_User
amigan_99 (Network Engineer, Author) commented:
He does not want to permit split tunnel VPN - only non-split.  And even traffic to the Internet he wants to go first to the ASA and then go on its way to the Internet.  I have set this up in the past and was hoping someone here could give me the key steps to get it working without my pawing and experimenting.
amigan_99 (Network Engineer, Author) commented:
Here is a discussion saying it is possible:

https://supportforums.cisco.com/thread/2187367

Not sure I get how this would be implemented with the ASDM.
fgasimzade commented:
You would need to configure NAT and this command

same-security-traffic permit intra-interface
amigan_99 (Network Engineer, Author) commented:
So assuming a VPN pool 192.168.47.0 - the NAT might look like:


global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside


??
amigan_99 (Network Engineer, Author) commented:
Or

global (inside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside

?
fgasimzade commented:
global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0
amigan_99 (Network Engineer, Author) commented:
Much appreciated!  It worked.
Question has a verified solution.
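
The accepted fix has three parts that must agree: the intra-interface permit, a nat rule on the outside interface covering the VPN pool, and a global on the same interface with the same NAT id. The following check is an added example, not code from the thread; it assumes the pre-8.3 global/nat syntax and the 192.168.47.0/24 pool used above, and the function name check_hairpin is hypothetical.

```python
import ipaddress
import re

# Constructed sample in the pre-8.3 syntax used in the thread; not a real device config.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
global (outside) 2 interface
nat (outside) 2 192.168.47.0 255.255.255.0
"""


def check_hairpin(config, pool_cidr, iface="outside"):
    """Return the missing prerequisites for hairpinning VPN-pool traffic on iface."""
    pool = ipaddress.ip_network(pool_cidr)
    lines = [ln.strip() for ln in config.splitlines()]
    problems = []

    # 1. Traffic must be allowed to enter and leave the same interface.
    if "same-security-traffic permit intra-interface" not in lines:
        problems.append("missing: same-security-traffic permit intra-interface")

    # 2. A translating nat rule on that interface must cover the whole pool.
    nat_re = re.compile(rf"^nat \({re.escape(iface)}\) (\d+) (\S+) (\S+)")
    nat_ids = set()
    for ln in lines:
        m = nat_re.match(ln)
        if not m or m.group(1) == "0":  # NAT id 0 means exemption, not translation
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        except ValueError:  # e.g. "access-list NAME" instead of network/mask
            continue
        if pool.subnet_of(net):
            nat_ids.add(m.group(1))
    if not nat_ids:
        problems.append(f"missing: nat ({iface}) rule covering {pool}")

    # 3. A global on the same interface must share that rule's NAT id.
    glob_re = re.compile(rf"^global \({re.escape(iface)}\) (\d+) ")
    glob_ids = {m.group(1) for ln in lines if (m := glob_re.match(ln))}
    if nat_ids and not nat_ids & glob_ids:
        problems.append(f"missing: global ({iface}) for NAT id {sorted(nat_ids)}")
    return problems


if __name__ == "__main__":
    print(check_hairpin(SAMPLE_CONFIG, "192.168.47.0/24") or "hairpin prerequisites present")
```

Run against the second guess in the thread (global on the inside interface), it reports the missing outside global, which is why that variant leaves tunneled clients without Internet access.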
