cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2659
Views
0
Helpful
6
Replies
Highlighted
Beginner

Allow Internet access while connected thru AnyConnect to ASA5510

This should be a simple problem to resolve but I can't seem to find an answer.   How do I configure the ASA5510 to allow VPN clients to have access to the Internet while they are connected via AnyConnect?

Thanks in advance.

Ed

Everyone's tags (1)
6 REPLIES 6
Highlighted
VIP Mentor

Re: Allow Internet access while connected thru AnyConnect to ASA

You need split-tunneling:

group-policy VPN attributes

  split-tunnel-policy tunnelspecified

  split-tunnel-network-list value VPN-SPLIT

where VPN-SPLIT is a standard ACL with your internal networks that your VPN-clients should reach through the tunnel. Everything not in that list is allowed in clear by the client.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Highlighted
Beginner

Allow Internet access while connected thru AnyConnect to ASA5510

Thank you for your quick response.  I'll give it a try.

Highlighted
Beginner

Allow Internet access while connected thru AnyConnect to ASA5510

Dear Friend,

i did the configuration but still not working.

I will appreciate your reply.

Regards

saeed ullah

Highlighted
Contributor

Allow Internet access while connected thru AnyConnect to ASA5510

If you've done exactly what karsten said, everything should work fine.

Highlighted

Allow Internet access while connected thru AnyConnect to ASA5510

Hello Saeed,

Share the configuration ( With the changes you have done so we can help as the solution was given by Karsten then we will need to check what is wrong with the config you have there)

Julio Carvajal S

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Rising star

Allow Internet access while connected thru AnyConnect to ASA5510

split tunnel configuration is not enough on its own.

You should also configure the corresponding nat exempt rule.

In addition, make sure that the subnet you entered in split tunneling, shows up at the routes tab in anyconnect client details.

Post your config so I can advise.