11-16-2010 01:17 PM - edited 02-21-2020 04:58 PM
Guys, I'm trying to allow AnyConnect VPN clients to access external internet sites through the ASA (no split tunneling). In other words, I want users connected over VPN to be able to access the internal network, as well as be able to access external websites by having that traffic tunneled first to the ASA and then out to the internet. I've tried following the suggestions mentioned in this thread, but not no luck. Specifically, I've tried adding this nat statement:
nat (outside) 1 192.168.30.0 255.255.255.0
as well as this one:
nat (outside) 1 192.168.30.0 255.255.255.0 outside
Originially I had no "nat (outside)" statement. Not able to access outside sites in any of these three cases. I have no trouble accessing the inside network when connected. I've issued the sysopt connection permit-vpn command to ignore interface access-lists for vpn users. Config is attached (scrubbed). Any help would be greatly appreciated.
Solved! Go to Solution.
11-16-2010 01:37 PM
Change this line: nat (outside) 1 192.168.30.0 255.255.255.0 outside
To: nat (outside) 1 192.168.30.0 255.255.255.0
global (outside) 1 interface will associate the NAT to the outside interface.
Also be sure you have traffic allowed between hosts connected on the same interface with this command:
same-security-traffic permit intra-interface
11-16-2010 01:37 PM
Change this line: nat (outside) 1 192.168.30.0 255.255.255.0 outside
To: nat (outside) 1 192.168.30.0 255.255.255.0
global (outside) 1 interface will associate the NAT to the outside interface.
Also be sure you have traffic allowed between hosts connected on the same interface with this command:
same-security-traffic permit intra-interface
11-17-2010 06:18 AM
Dude, you rock. The same-security-traffic permit intra-interface command appears to have been the hang-up! I'll buy you a drink next time you're in Virginia, ha!
11-17-2010 06:21 AM
Your Welcome!
Thanks for rating!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide