Cisco ASA remote access VPN

I've set up a Remote Access VPN using Cisco ASA for travel users to gain access to network applications. It connects using Cisco Client; however, I believe it's trying to act as an ISP and I do not want it to. I only want staff to be able to access resources.
I believe when I did the wizard, it took me through those settings, but what am I missing?
Spt_Us Asked:
nickoarg Commented:
Set the ACL to take only the interesting traffic and not 0.0.0.0
0
Spt_Us (Author) Commented:
Can you explain what you mean by 'interesting' traffic?
0
Spt_Us (Author) Commented:
I don't have ACLs; could that be the issue? I used the RA wizard; shouldn't it have built the crypto/ACL etc., possibly missed? If I am using the Cisco VPN client to connect into ASA/Network
0
nickoarg Commented:
I was thinking about ISR IOS and not ASA. In IOS you define the ACL of the traffic that you want the client to send through the tunnel. Here is the CLI example from Cisco:

The following example shows how to configure Remote Access IPsec VPNs:

hostname(config)# interface ethernet0
hostname(config-if)# ip address 10.10.4.200 255.255.0.0
hostname(config-if)# nameif outside
hostname(config-if)# no shutdown
hostname(config)# crypto ikev2 policy 1
hostname(config-ikev2-policy)# group 2
hostname(config-ikev2-policy)# integrity sha
hostname(config-ikev2-policy)# lifetime 43200
hostname(config-ikev2-policy)# prf sha
hostname(config)# crypto ikev2 outside
hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
hostname(config)# username testuser password 12345678
hostname(config)# crypto ipsec ikev2 ipsec-proposal FirstSet
hostname(config-ipsec-proposal)# protocol esp encryption 3des aes
hostname(config)# tunnel-group testgroup type remote-access
hostname(config)# tunnel-group testgroup general-attributes
hostname(config-general)# address-pool testpool
hostname(config)# tunnel-group testgroup webvpn-attributes
hostname(config-webvpn)# authentication aaa certificate
hostname(config)# crypto dynamic-map dyn1 1 set ikev2 ipsec-proposal FirstSet
hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
hostname(config)# crypto map mymap interface outside
hostname(config)# write memory

The line:
crypto dynamic-map dyn1 1 set reverse-route
pushes the routes of the ASA to the client, such as the default route (0.0.0.0), causing the tunnel to "catch" the internet traffic that you don't want.
0
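The "interesting traffic" ACL idea raised in the comments above, written as an ASA split-tunnel group policy. This is an added example, not part of the original thread or of the Cisco sample quoted in it. The names RA_SPLIT and RA_SPLIT_ACL and the internal network 172.16.10.0/24 are assumptions; testgroup is the tunnel group from the sample above.

```cisco
! Constructed example: 172.16.10.0/24 stands in for the internal network
! that VPN users need to reach. RA_SPLIT and RA_SPLIT_ACL are made-up names.
!
! Tunnel-all (the default when no split-tunnel policy is set): the client
! sends every destination, Internet included, through the VPN.
!   group-policy RA_SPLIT attributes
!    split-tunnel-policy tunnelall
!
! Split tunnel: only networks permitted by the ACL are routed into the
! tunnel; everything else leaves through the client's local gateway.
access-list RA_SPLIT_ACL standard permit 172.16.10.0 255.255.255.0
group-policy RA_SPLIT internal
group-policy RA_SPLIT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT_ACL
!
! Attach the policy to the remote-access tunnel group.
tunnel-group testgroup general-attributes
 default-group-policy RA_SPLIT
!
! Review what will be pushed to clients:
!   show running-config group-policy RA_SPLIT
!   show access-list RA_SPLIT_ACL
```

With tunnelspecified, client Internet traffic no longer passes through the ASA, so filtering or logging done at the corporate edge does not apply to it while the user is connected. Keep the ACL limited to the networks staff actually need.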

Spt_Us (Author) Commented:
It was a great help figuring out what I was missing!! THANKS
0
Question has a verified solution.