06-14-2019 02:29 PM - edited 06-15-2019 10:52 AM
Hello all,
I have an ASA 5505 which is connected to my ISP router.
When i connect via Any connect, i cannot obtain the public IP of my ISP. I have configured the following SPLIT access-lists:
access-list SPLIT standard permit 10.10.1.0 255.255.255.0
access-list SPLIT standard permit 10.10.2.0 255.255.255.0
access-list SPLIT standard permit 10.10.3.0 255.255.255.0
access-list SPLIT standard permit 10.10.4.0 255.255.255.0
access-list SPLIT standard permit 10.10.5.0 255.255.255.0
access-list SPLIT standard permit 10.10.6.0 255.255.255.0
access-list SPLIT standard permit 10.10.7.0 255.255.255.0
access-list SPLIT standard permit 10.10.8.0 255.255.255.0
access-list SPLIT standard permit 192.168.1.0 255.255.255.0
access-list SPLIT standard permit any4
I have also uploaded the configuration file. What might be the issue?
Regards,
Stef
Solved! Go to Solution.
06-14-2019 10:59 PM
Why use split tunnel if you want all traffic to go over VPN?
Does your upstream "ISP" know to route traffic to your VPN pool (10.10.5.0/24) back via the ASA outside interface?
06-14-2019 10:59 PM
Why use split tunnel if you want all traffic to go over VPN?
Does your upstream "ISP" know to route traffic to your VPN pool (10.10.5.0/24) back via the ASA outside interface?
06-15-2019 01:38 AM
Thanks Marvin,
i removed the following:
no split-tunnel-policy tunnelspecified
no split-tunnel-network-list value SPLIT
and i added the following NAT:
nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN_POOL interface
Now i can see ISP public IP from whenever i login to Anyconnect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide