Solved: You need to use full tunnel

Kaleem Sheikh · ‎05-30-2017

I'm setting up a site to site VPN and I have allowed split tunnel on a Cisco ASA 5506-x. When I connect through the Anyconnect on my PC, the internet connection works, but I am connecting from a PC on a xx.xxx.xxx.235 network VPN'ing into a xx.xxx.xxx.234 network and my ip after VPN'ing is still xx.xxx.xxx.235. I need it to to be xx.xxx.xxx.234 because that's our whole reason for setting up a VPN in the first place. How do I fully VPN into another network and inherit its public ip address?

Marvin Rhoads · ‎05-31-2017

You need to use full tunnel (not split tunnel) in order to have your PC appear as the VPN headend public IP. You then also need a nat (outside,outside) rule for your remote access VPN traffic.

View solution in original post

Marvin Rhoads · ‎05-31-2017

You need to use full tunnel (not split tunnel) in order to have your PC appear as the VPN headend public IP. You then also need a nat (outside,outside) rule for your remote access VPN traffic.

Kaleem Sheikh · ‎05-31-2017

Thank you. I think this is what I was missing. Do you know of any document or video I can follow to change my split tunnel into a full tunnel?

Marvin Rhoads · ‎05-31-2017

You might have a look at this blog:

http://www.dasblinkenlichten.com/full-tunnel-anyconnect-with-internet-hairpin/

How do I fully VPN from one network into another to inherit its public ip address?