Cisco Firepower FTD 6.5.0 with AnyConnect RA VPN

doukkalli
Level 1

Hi,


I set up a RA VPN using a Cisco Firepower 2130 with FTD 6.5.0 and the AnyConnect client, without split tunneling.

I set up a NAT rule and an access control policy to allow the traffic.


When I connect to the VPN gateway I can access the internal LAN (RFC 1918), but I cannot access the Internet from my PC without using our internal proxy.


What is the best practice to use in IPv4 Split Tunneling, the option "Allow all traffic over tunnel"?

Is there any specific NAT rule to configure?

Thanks for your help.

2 Replies

Hi,

You would need a specific NAT rule for the RAVPN traffic sourced from the outside interface and destined to the outside interface if you wish to route Internet traffic through the RAVPN. E.g.:


object network RAVPN_USERS
 subnet 192.168.10.0 255.255.255.0
 nat (outside,outside) dynamic interface

More customers seem to be configuring split-tunnelling recently in order to save bandwidth at the main site. If your client computers are running endpoint protection such as AMP4E and/or the Umbrella Roaming Client, then this should provide you with the extra level of security if you decide to split tunnel.


HTH
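
A fuller tunnel-all NAT layout for this scenario, added here as an illustration; it is not part of the reply above and not taken from Cisco documentation. The subnets, object names and the public test address (203.0.113.10, a documentation range) are constructed values. On FTD these rules are built in the FMC NAT policy; the lines below are the form they take in the deployed running configuration.

```cisco
! Constructed objects: the AnyConnect address pool and the internal LAN
object network RAVPN_USERS
 subnet 192.168.10.0 255.255.255.0
object network INSIDE_LAN
 subnet 10.0.0.0 255.0.0.0

! 1. NAT exemption (manual NAT, evaluated first): VPN clients reaching the
!    internal LAN keep their pool addresses in both directions, so the LAN
!    sees the real client IP and return traffic is routed back into the tunnel.
nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static RAVPN_USERS RAVPN_USERS no-proxy-arp route-lookup

! 2. Hairpin PAT (auto NAT): traffic that arrives on the outside interface
!    from the tunnel and leaves the same interface toward the Internet is
!    translated to the outside interface address. Without this rule the
!    client's pool address would be sent out unchanged and never get a reply.
object network RAVPN_USERS
 nat (outside,outside) dynamic interface

! Hairpinning needs intra-interface traffic to be permitted. A classic ASA
! requires this line explicitly; FTD enables it as part of its base config.
same-security-traffic permit intra-interface
```

The exemption must sit above the dynamic rule (manual NAT is always evaluated before auto NAT, so the order above is the one the box applies). With tunnel-all in place every client flow to the Internet passes the FTD access control policy, which is the security benefit over split tunneling: it can be inspected and logged centrally. To confirm which rule a flow hits, use `show nat detail` for hit counters and `packet-tracer input outside tcp 192.168.10.5 12345 203.0.113.10 443` to walk a simulated client-to-Internet packet through the NAT and ACP phases.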


Thanks a lot, now it is working for me.