Stacey Hummer
Beginner

Anyconnect and internet access

Good day all,

My saga continues with the vpn side of our ASA 5525-X. I have successfully got it to install and connect, however once it connects there is no internet access. I am sure this is due to split tunneling or allowing vpn clients to hair-pin out the ASA???? Just guessing at the moment. I'm not sure what everyone would need for information but it's a pretty simple setup (I believe) so I'm not sure what I have done wrong.

Any assistance would be greatly appreciated.

 

Stacey

 

*** Been working on this more, so once connected my internet access disappears, I can access the systems/server inside the domain from my client but it disables my access to either go through my domain to access the internet or simply do a split tunnel and allow connections going directly to the internet to go out.

 

**Update**

Raised a TAC ticket and got this resolved. I will update with resolution shortly.

3 REPLIES
Kanwaljeet Singh
Cisco Employee

Hi Stacey,

Please check the configuration related to split tunneling.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

If it is fine, it should work properly. At least the internet.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

So, the vpn is configured properly, I can ping the core switch on our network from the vpn client. I can ping the IP address of the port that the ASA is attached to on the core switch 10.3.0.4, however I cannot ping the ASA inside interface 10.3.0.10 from the vpn client.

 

Hi Stacey,

You cannot ping the ASA on any other interface apart from the one you are connected through.

For example, a LAN user connected to the "inside" interface of the ASA can only ping that interface; it cannot ping the "outside" interface for example.

When connecting via VPN though, you can manage the ASA on another interface other than the one you connected through by using the "management-access" command. Link here.

Also refer to this thread for more information about this.
