Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1226
Views
0
Helpful
4
Replies

AnyConnect Works, But No Internet Acees!

euwars1010
Level 1
Level 1

‎08-04-2013 09:59 AM - edited ‎02-21-2020 07:04 PM

Hi there,

i do have a ASA 5540, i have used anyconnect wizard to configure one.

i can connect to it with anyconnect client, BUT there is not any internet connection for the users,

if we say the ip of ASA is 192.168.0.120 and the ip pool for the users is 10.0.0.1 to 10.0.0.200  how can i say to route the connections to the asa ip to have internet access? should i use the nat?

Thanks

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎08-04-2013 10:15 AM

Hi,

It would help to see the ASA configuration. We would also need to know the software version.

But if I would have to guess then you are probably missing only a few configurations.

One addition is the command

same-security-traffic permit intra-interface

Presuming you have configured the VPN client connection as Full Tunnel (meaning while the VPN is active all traffic goes to VPN) then you will need to above command to make it possible for the connections coming from the VPN through the "outside" interface to leave to the Internet through the same interface "outside" (if that is the name of your WAN interface on the ASA)

You will also require a NAT between "outside" and "outside" that defines the VPN Pool as the source and do Dynamic PAT for that subnet to the "outside" interface of the ASA.

The above are usually the 2 things you need to do to get Internet working while the VPN is active.

Alternatively, you can configure the VPN Client as Split Tunnel only which will mean that traffic to your LAN(s) behind ASA will go through the VPN but all Internet bound traffic will use the users current Internet connection.

- Jouni

0 Helpful

euwars1010
Level 1
Level 1
In response to Jouni Forss

‎08-04-2013 11:47 AM

it is  ASA 8.42

and i did not get the part outside to outside!

        and please check your private messages!

0 Helpful

Ivaylo Georgiev
Level 1
Level 1
In response to euwars1010

‎08-09-2013 08:16 AM

You need to configure the connection as a split-tunnel vpn profile.

The VPN wizard gives you that option.

If you are not comfortable with the CLI, the the easiest way to do it would be to just re-create the VPN profile.

Make sure you exempt the networks that you want to be able to reach through the VPN.

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to euwars1010

‎08-09-2013 08:27 AM

Hi,

We would have to see some configurations to determine what configurations are needed to enable Internet connectivity while connected with VPN.

As I mentioned earlier, we can either configure Split Tunnel so that Internet traffic will flow freely during VPN Client connection.

Or we can configure NAT on the ASA itself when using Full Tunnel to enable Internet traffic to head out through ASA.

But as I said, would need to see the configurations to be able to help if you are not able to configure this yourself.

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents