Cisco VPN Client requires Internet access --- not "split-tunneled"

revangelista
Level 1

I have an ASA 5510 appliance running 7.2 (ASDM 5.2) terminating Cisco VPN Client 4.8 users.

Everything works, meaning the Client can access corporate resources. However, due to "split-tunneling" being disabled (per corporate security policy) I will need to route all Internet-bound traffic through the appliance.

How is this done?

I have tried changing the tunnel default gateway to the 'inside' interface of the ASA. I have also added NAT entries for the VPN Client pools to be translated to a different IP Address on the 'outside' interface but it still does not work.

Thanks in advance.

--re

2 Replies

regraxpto
Level 1

I'm not sure if there is any other way, but if you use a proxy in your internal network and configure it on the remote workers, it should do the trick.

Cheers,

Nuno

Sure this is possible. For example...

same-security-traffic permit intra-interface

ip local pool vpnpool 192.168.10.1-192.168.10.254

global (outside) 1 interface

nat (outside) 1 192.168.10.0 255.255.255.0

Here is the document that will also help if needed.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Please rate helpful posts.
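An added example, not part of the thread or of Cisco's documentation: a small offline check that a saved ASA configuration contains the three pieces the reply above lists for hairpinning VPN client traffic (intra-interface permit, a `nat (outside)` rule covering the client pool, and a `global (outside)` with the same NAT id). The function name `check_hairpin` and the sample text are constructed for illustration, and the parser assumes the 7.2-style `nat`/`global` syntax shown in the reply.

```python
import ipaddress
import re

# Constructed sample config; the lines mirror the reply above.
SAMPLE = """\
same-security-traffic permit intra-interface
ip local pool vpnpool 192.168.10.1-192.168.10.254
global (outside) 1 interface
nat (outside) 1 192.168.10.0 255.255.255.0
"""

def check_hairpin(config, pool_name, iface="outside"):
    """Return a list of problems that would stop pool traffic hairpinning on iface."""
    problems = []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        problems.append("missing 'same-security-traffic permit intra-interface'")

    pool = re.search(rf"^ip local pool {re.escape(pool_name)} (\S+)-(\S+)", config, re.M)
    if not pool:
        return problems + [f"pool '{pool_name}' not defined"]
    first, last = (ipaddress.ip_address(a) for a in pool.groups())

    # nat (<iface>) <id> <network> <mask>: keep ids whose network covers the whole pool.
    # NAT id 0 means "no translation", so it does not count.
    nat_ids = set()
    for nat_id, net, mask in re.findall(
            rf"^nat \({re.escape(iface)}\) (\d+) ([\d.]+) ([\d.]+)", config, re.M):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if nat_id != "0" and first in network and last in network:
            nat_ids.add(nat_id)
    if not nat_ids:
        problems.append(f"no 'nat ({iface})' rule covers {first}-{last}")

    # A matching 'global' on the same interface must share one of those NAT ids.
    global_ids = set(re.findall(rf"^global \({re.escape(iface)}\) (\d+) ", config, re.M))
    if nat_ids and not nat_ids & global_ids:
        problems.append(f"no 'global ({iface})' with NAT id {sorted(nat_ids)}")
    return problems

if __name__ == "__main__":
    for line in check_hairpin(SAMPLE, "vpnpool") or ["hairpin prerequisites present"]:
        print(line)
```

Run it against the output of `show running-config` saved to a file; an empty result means all three statements are present and consistent for the named pool.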