I'm looking to set up AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems this should be really easy. I must be missing something. I can get the AnyConnect users to connect fine and they can access sites internal and at other IPSec-tunneled...
Thanks for your answer. I think I was getting there at the same time you were replying. Your point about doing the nat (outside) 1 (actually from a previous thread) was the seed that got me there.
WOOT! It worked. The key point for me is understanding that VPN client traffic is internally addressed (10.1.1.x) but is "on" the outside interface. Any nat rules for that internal range on the inside interface will not get applied to VPN client traf...
So wait... If I have to nat0 my internal traffic headed to the IP-sec sites on the inside interface....
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0 dns
    nat (outside) 1 10.1.1.0 255.255.255.0 ...
Also, things I've tried...
Found nat-control was on, turned it off, no change
Added ACL for outside thinking the VPN traffic, though let through and of internal IP range, is still considered "outside" traffic...
    access-list outside_access_in extended pe...
Thanks for the reply. If I add:
    nat (outside) 1 10.1.1.0 255.255.255.0
AC clients can access External sites, but not IPSec tunneled sites. If I remove that
    nat (outside) 1 10.1.1.0 255.255.255.0
AC clients can access IPSec tunneled sites, but not ...