cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3017
Views
0
Helpful
6
Replies

Allow Internet access while connected thru AnyConnect to ASA5510

Edward Luna
Level 1
Level 1

This should be a simple problem to resolve but I can't seem to find an answer.   How do I configure the ASA5510 to allow VPN clients to have access to the Internet while they are connected via AnyConnect?

Thanks in advance.

Ed

6 Replies 6

You need split-tunneling:

group-policy VPN attributes

  split-tunnel-policy tunnelspecified

  split-tunnel-network-list value VPN-SPLIT

where VPN-SPLIT is a standard ACL with your internal networks that your VPN-clients should reach through the tunnel. Everything not in that list is allowed in clear by the client.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thank you for your quick response.  I'll give it a try.

Dear Friend,

i did the configuration but still not working.

I will appreciate your reply.

Regards

saeed ullah

If you've done exactly what karsten said, everything should work fine.

Hello Saeed,

Share the configuration ( With the changes you have done so we can help as the solution was given by Karsten then we will need to check what is wrong with the config you have there)

Julio Carvajal S

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

split tunnel configuration is not enough on its own.

You should also configure the corresponding nat exempt rule.

In addition, make sure that the subnet you entered in split tunneling, shows up at the routes tab in anyconnect client details.

Post your config so I can advise.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: