Cisco ASA Remote Access VPN IPSec Non-split Tunnel

I do not understand your subject.

Set up the client profile to use split tunneling. That is the simplest way and it works. All the client has to do is to disable VPN to use internet and then hook the VPN back up when they need to work.

It is just easiest to permit split tunneling.

If your client insists, they have to provide a server at the remote end with IE on it. It will be pathetically slow, but it will work.

... Thinkpads_User

He does not want to permit split tunnel VPN - only non-split.  And even traffic to the Internet he wants to go first to the ASA and then go on its way to the Internet.  I have set this up in the past and was hoping someone here could give me the key steps to get it working without my pawing and experimenting.

Here is a discussion saying it is possible..

https://supportforums.cisco.com/thread/2187367

Not sure I get how this would be implemented with the ASDM

You would need to configure NAT and this command

same-security-traffic permit intra-interface

So assuming a VPN pool 192.168.47.0 - the nat might look like..


global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside


??

Or

global (inside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside

?

Much appreciated!  It worked.