Solved

Cisco ASA Remote Access VPN IPSec Non-split Tunnel

Posted on 2013-11-07
8
1,175 Views
Last Modified: 2013-11-08
A friend is trying to set it up such that some of his users will send ALL of their traffic down the tunnel including Internet traffic down through the tunnel.  He's gotten it to the point where the tunnel allows access to internal resources.  But there is no Internet access.  What has to be configured so that the traffic will turn around and get out to the Internet and back to the tunneled user's PC?
0
Comment
Question by:amigan_99
  • 5
  • 2
8 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 39632386
I do not understand your subject.

Set up the client profile to use split tunneling. That is the simplest way and it works. All the client has to do is to disable VPN to use internet and then hook the VPN back up when they need to work.

It is just easiest to permit split tunneling.

If your client insists, they have to provide a server at the remote end with IE on it. It will be pathetically slow, but it will work.

... Thinkpads_User
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632702
He does not want to permit split tunnel VPN - only non-split.  And even traffic to the Internet he wants to go first to the ASA and then go on its way to the Internet.  I have set this up in the past and was hoping someone here could give me the key steps to get it working without my pawing and experimenting.
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632727
Here is a discussion saying it is possible..

https://supportforums.cisco.com/thread/2187367

Not sure I get how this would be implemented with the ASDM
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39632765
You would need to configure NAT and this command

same-security-traffic permit intra-interface
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632783
So assuming a VPN pool 192.168.47.0 - the nat might look like..


global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside


??
0
 
LVL 1

Author Comment

by:amigan_99
ID: 39632784
Or

global (inside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0 outside

?
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 500 total points
ID: 39632786
global (outside) 2 interface

nat (outside) 2 192.168.47.0 255.255.255.0
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39634546
Much appreciated!  It worked.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port Forwarding on Cisco 881 14 57
Cisco AP to get ip from DHCP 10 73
CISCO Router 1 29
Cisco 3800 series and WISM2 1 13
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now