Disable split tunneling to navigate through remote gateway


Hi everyone,

I run a Cisco ASA 5510 and I want to know how to configure the ASA to let some of the AAA users navigate through the remote gateway (with the remote public IP).

I've already configured IPsec and an SSL group policy, and I know I can disable split tunneling. I did it, but remote users (connected with the Cisco IPsec VPN client) can access the remote LAN, but when they try to navigate the internet, there's no IP connection.

Do I have to configure some NAT? I've already configured some rules to let the VPN IP pool go to the internet.

I just want my remote users to navigate the internet through the VPN tunnel and the remote gateway (the ASA).

Can someone explain to me how to do that? Do I have to set up some proxy?

Thank you!

1 Reply

Fabio Jorge
Level 1

Hello 67P7,

There is an option that permits VPN clients to reach internet sites over the IPsec tunnel. I have no visibility into your ASA, so I am going to send some options; please try them and let me know.

PS: You need to disable split tunneling and use split-tunnel-policy tunnelall.


Inside Network:

VPN Pool:

IP outside ASA:

IP outside NAT ASA: "if used"


Create a NAT condition:

==> Nat to Internet <===

nat (inside) 1

global (outside) 1 interface    "if you are using Outside IP address to NAT"


global (outside) 1 netmask   "if you are using specific IP address to NAT"

===> No Nat <===

access-list VPN_NONAT extended permit ip


nat (inside) 0 access-list VPN_NONAT


===> IPSEC and Hairpinning use <===

same-security-traffic permit intra-interface

Let me know about it.

Good luck.

Fabio Jorge Amorim
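A way to check a saved running-config for the pieces this setup depends on, as an added example that is not part of the thread or Cisco's tooling. It assumes the pre-8.3 `nat`/`global` syntax used in the reply and that VPN client traffic enters on the outside interface, so the dynamic NAT rule covering the pool is looked for on `(outside)`; the function name, addresses, pool and group-policy name are hypothetical placeholders.

```python
import ipaddress
import re

# Constructed sample in pre-8.3 ASA syntax (the syntax used in the reply).
# Addresses, the pool 10.99.0.0/24 and the name RA_POLICY are placeholders.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list VPN_NONAT extended permit ip 192.168.1.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list VPN_NONAT
nat (inside) 1 192.168.1.0 255.255.255.0
nat (outside) 1 10.99.0.0 255.255.255.0
global (outside) 1 interface
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelall
"""

def audit_hairpin(config, vpn_pool, policy, egress="outside"):
    """Return the prerequisites missing from config (empty list = all found)."""
    pool = ipaddress.ip_network(vpn_pool)
    lines = config.splitlines()
    missing = []

    # 1. Traffic may enter and leave the same interface (hairpin).
    if "same-security-traffic permit intra-interface" not in lines:
        missing.append("same-security-traffic permit intra-interface")

    # 2. The group-policy sends all client traffic into the tunnel.
    in_policy = tunnel_all = False
    for line in lines:
        if not line.startswith(" "):  # a top-level command opens or closes the block
            in_policy = line.strip() == f"group-policy {policy} attributes"
        elif in_policy and line.strip() == "split-tunnel-policy tunnelall":
            tunnel_all = True
    if not tunnel_all:
        missing.append(f"split-tunnel-policy tunnelall in group-policy {policy}")

    # 3. A dynamic NAT rule on the egress interface covers the VPN pool and
    #    has a global statement with the same NAT id (id 0 is NAT exemption).
    iface = re.escape(f"({egress})")
    nat_ids = set()
    for nat_id, addr, mask in re.findall(rf"^nat {iface} ([1-9]\d*) (\S+) (\S+)", config, re.M):
        try:
            if pool.subnet_of(ipaddress.ip_network(f"{addr}/{mask}")):
                nat_ids.add(nat_id)
        except ValueError:  # e.g. "nat (outside) 1 access-list NAME"
            continue
    global_ids = set(re.findall(rf"^global {iface} (\d+) ", config, re.M))
    if not nat_ids & global_ids:
        missing.append(f"nat/global ({egress}) pair covering {vpn_pool}")
    return missing
```

Feed it the text of `show running-config` with the real pool and group-policy name; an empty list means all three items were found.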