Cisco ASA remote IPsec VPN

Hi,

I have configured Cisco remote IPsec VPN and enabled split tunneling.

However, the users are able to access internet after connection but not the local area network behind the firewall.

The vpn group is francevpn.

Config attached.

21 Replies

Francesco Molino
VIP Alumni

Hi

To allow VPN users to access your inside network, you're missing the nonat statement:

access-list nonat extended permit ip 10.30.1.0 255.255.255.0 10.20.47.0 255.255.255.0

--> you need to add ACL statements for all your VPN pools

nat (inside) 0 access-list nonat

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi

I have used the below command for the VPN pool subnet to access the inside network. Still no luck.

access-list nonat extended permit ip 10.30.1.0 255.255.255.0 10.20.53.0 255.255.255.0

nat (inside) 0 access-list nonat

Am I missing something again? Please advise.

Hi 

Any further suggestions, anyone?

I know it's related to NAT entry as I am getting decaps but no encaps.

Could you add the following command and let us know (you need to keep the ACL and NAT statements done before):

same-security-traffic permit intra-interface

Thanks


Hi

These are the commands that I entered

access-list nonat extended permit ip 10.30.1.0 255.255.255.0 10.20.47.0 255.255.255.0

nat (inside) 0 access-list nonat

same-security-traffic permit intra-interface

Using mobilvpn as the VPN group - with this I am able to access the internal network but not the internet when connected.

Do you need any logs from the ASA?

Thanks in advance

Hi

Sorry, I was just trying to solve your issue about NAT exemption.

To NAT your VPN pool and also all of inside for internet access, you'll need to add the following lines:

nat (outside) 1 10.20.47.0 255.255.255.0 ==> Your VPN pool to grant access to internet

nat (inside) 1 0.0.0.0 0.0.0.0

Thanks

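As an added illustration (not code from this thread or from Cisco), the following Python check reads the pre-8.3 style commands quoted in the replies above (the nonat exemption ACL, same-security-traffic permit intra-interface, and nat (outside) 1 for the pool) and reports which of the three conditions a config fragment satisfies. The ip local pool line, the inside subnet 10.30.1.0/24 and the sample fragment are constructed assumptions.

```python
import ipaddress
import re

# Constructed ASA 8.2-style fragment built from the commands quoted in this thread.
# The "ip local pool" line and the inside subnet are assumptions; the nonat ACE
# deliberately names 10.20.53.0, the pool/ACE mismatch that appeared in the thread.
SAMPLE_CONFIG = """
ip local pool mobilpool 10.20.47.1-10.20.47.254 mask 255.255.255.0
access-list nonat extended permit ip 10.30.1.0 255.255.255.0 10.20.53.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
NAT_RE = re.compile(r"^nat \((\S+)\) \d+ (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool \S+ (\S+)-\S+ mask (\S+)$")

def net(addr, mask):
    # ASA writes "address mask"; ip_network accepts that as a tuple.
    return ipaddress.ip_network((addr, mask), strict=False)

def check_vpn_nat(config, inside_net="10.30.1.0/24"):
    """Return {check: bool} for the three conditions the thread converges on.
    Only the pre-8.3 'nat (ifc) n ...' syntax is parsed."""
    inside = ipaddress.ip_network(inside_net)
    pool, aces, nat0_acl, outside_nat = None, {}, None, []
    for line in (l.strip() for l in config.splitlines()):
        if m := POOL_RE.match(line):
            pool = net(m.group(1), m.group(2))
        elif m := ACE_RE.match(line):
            name, s, sm, d, dm = m.groups()
            aces.setdefault(name, []).append((net(s, sm), net(d, dm)))
        elif m := NAT0_RE.match(line):
            if m.group(1) == "inside":
                nat0_acl = m.group(2)
        elif m := NAT_RE.match(line):
            if m.group(1) == "outside":
                outside_nat.append(net(m.group(2), m.group(3)))
    if pool is None:
        raise ValueError("no ip local pool found")
    # 1. inside -> pool must be exempted from NAT: nat 0 plus an ACE covering both.
    exempt = any(inside.subnet_of(s) and pool.subnet_of(d)
                 for s, d in aces.get(nat0_acl, []))
    # 2. Pool traffic that re-enters and leaves via outside needs hairpinning enabled.
    hairpin = "same-security-traffic permit intra-interface" in config
    # 3. The pool must itself be translated when it heads for the internet.
    pool_natted = any(pool.subnet_of(n) for n in outside_nat)
    return {"nat_exempt_inside_to_pool": exempt,
            "intra_interface_permitted": hairpin, "pool_natted_on_outside": pool_natted}
```

Run against the sample, all three checks fail, which matches the symptoms in the thread (decaps without encaps, then inside reachable but no internet); correcting the ACE to 10.20.47.0 and adding the two later commands turns them all true.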

Hi

Still having the same issue of remote VPN users not being able to access the internet on their end.

Able to access the inside network (the site they are connecting to via the Cisco VPN client) without any issue.

Is my split tunneling configuration okay?

Thanks

What's the group-policy you're using?


Hi,

With group policy francevpn (tunnel-group francevpn) I am able to access the internet on my end while connected to the VPN client but not able to access the inside network.

With group policy MobilGrp (tunnel-group mobilvpn) I am able to access the inside network but not able to browse the internet.

Thanks

Ok, could you paste the actual config to see what changes have been done and what is missing.


Attached is the config

Hi

Any suggestions as to what configuration is missing?

Thanks

Ok, sorry for my late input, but I'm in the EST timezone and I don't know which timezone you're in.

Your concern is to give internet access to your mobilpool VPN, right? It's 10.20.47.0/24.

I took a look at your ACL and you authorized some accesses but not everything to the internet.

For test purposes, can you add the following ACLs and try again:

access-list outside_access_in extended permit tcp 10.20.47.0 255.255.255.0 any eq www
access-list outside_access_in extended permit tcp 10.20.47.0 255.255.255.0 any eq https

Maybe after all the allows, you should add a deny from that subnet to all private RFC 1918 subnets and allow everything else going to the internet, based on what you want to achieve.

Thanks


Hi

Added the ACLs to the ASA but the internet still won't work.

Are there any other details we are missing?

I am in the AEST time zone.