Solved: Cisco ASA 5505 Anyconnect | Hide Public IP

Net_Stef · ‎06-14-2019

Hello all,

I have an ASA 5505 which is connected to my ISP router.

When i connect via Any connect, i cannot obtain the public IP of my ISP. I have configured the following SPLIT access-lists:

access-list SPLIT standard permit 10.10.1.0 255.255.255.0
access-list SPLIT standard permit 10.10.2.0 255.255.255.0
access-list SPLIT standard permit 10.10.3.0 255.255.255.0
access-list SPLIT standard permit 10.10.4.0 255.255.255.0
access-list SPLIT standard permit 10.10.5.0 255.255.255.0
access-list SPLIT standard permit 10.10.6.0 255.255.255.0
access-list SPLIT standard permit 10.10.7.0 255.255.255.0
access-list SPLIT standard permit 10.10.8.0 255.255.255.0
access-list SPLIT standard permit 192.168.1.0 255.255.255.0
access-list SPLIT standard permit any4

I have also uploaded the configuration file. What might be the issue?

Regards,

Stef

Marvin Rhoads · ‎06-14-2019

Why use split tunnel if you want all traffic to go over VPN?

Does your upstream "ISP" know to route traffic to your VPN pool (10.10.5.0/24) back via the ASA outside interface?

View solution in original post

Marvin Rhoads · ‎06-14-2019

Why use split tunnel if you want all traffic to go over VPN?

Does your upstream "ISP" know to route traffic to your VPN pool (10.10.5.0/24) back via the ASA outside interface?

Net_Stef · ‎06-15-2019

Thanks Marvin,

i removed the following:

no split-tunnel-policy tunnelspecified
no split-tunnel-network-list value SPLIT

and i added the following NAT:

nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN_POOL interface

Now i can see ISP public IP from whenever i login to Anyconnect.