asa 5510 IPSec VPN

aa123123aa
Level 1

Hello,

I've configured an IPsec VPN, and it's working fine.

I've done split tunneling, so the users are also able to connect to the Internet.

The complication is this:

I have an outside server, belonging to another company, that the VPN users need to connect to via HTTP.

The issue is that only one IP address is allowed to access this server, which is my ASA public address.

The VPN users connect to the Internet through their private Internet connection, which means that they get a different IP and can't access that server.

Is there any way to allow communication through the VPN to that server?

I would appreciate any help I can get with this, because as of now there isn't really a point in the VPN, since that server is their main work.

I'm using an ASA 5510 running version 8.4(4), with ASDM 6.4.

Thank you.

2 Replies

Jennifer Halim
Cisco Employee

You would need to configure that server's IP address in the split tunnel list.

Then you would need to enable "same-security-traffic permit intra-interface" on the ASA.

Lastly, you would need to configure NAT on the outside interface for the VPN pool subnet, PATed to the same ASA public IP address. That way, the VPN users will route the traffic destined for that server via the VPN tunnel and hairpin on the ASA, using the ASA public IP address to access the server.
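The three steps in the reply above, written out as an ASA 8.4 configuration. This is an added example, not configuration from the original thread or from Cisco documentation; the object names (SPLIT_TUNNEL, VPN_POLICY, VPN_POOL, PARTNER_SERVER), the documentation-range addresses and the group-policy name are all assumptions, and the addresses must be replaced with the real VPN pool and partner server. It goes slightly beyond the reply by restricting the hairpin PAT to the partner server's address, so the ASA does not become a general Internet egress point for the VPN pool.

```text
! --- Step 1: put the partner server in the split-tunnel list ---
! Only networks in this ACL are sent through the tunnel; everything else
! goes out the user's own Internet connection (their own public IP).
! 192.168.10.0/24 stands for the internal LAN, 203.0.113.50 for the partner
! server (both constructed addresses).
access-list SPLIT_TUNNEL standard permit 192.168.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit host 203.0.113.50

group-policy VPN_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! --- Step 2: allow traffic to enter and leave the same interface ---
! Decrypted VPN traffic arrives on outside and must leave on outside again.
same-security-traffic permit intra-interface

! --- Step 3: PAT the VPN pool to the outside interface address ---
! 172.16.100.0/24 is the assumed VPN address pool.
object network VPN_POOL
 subnet 172.16.100.0 255.255.255.0
object network PARTNER_SERVER
 host 203.0.113.50

! Twice NAT, real interface = mapped interface = outside (hairpin).
! Sources in the pool going to the partner server are PATed to the outside
! interface IP, which is the one address the partner has whitelisted.
! The "destination static" clause limits the hairpin to that server only.
nat (outside,outside) source dynamic VPN_POOL interface destination static PARTNER_SERVER PARTNER_SERVER
```

After a user reconnects (split-tunnel changes are pushed at connection time), `show nat detail` should show the `(outside,outside)` rule's translate_hits increasing while the user browses the partner server, and the partner should see connections from the ASA's outside address. If an identity or NAT-exempt rule for VPN-to-inside traffic already exists on the `(inside,outside)` interface pair, it is unaffected, since the hairpin rule only matches traffic whose egress interface is outside.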

I had figured it out a bit before, and it was as you said.

Basically all that I was missing was the NAT on the outside interface.

Thank you.
