
Internet access via SSL VPN on IOS without split tunnel

paul_australia
Level 1

Hi Guys


Can someone provide some guidance on what needs to be done to allow clients who connect to an IOS-based SSL VPN (i.e. using the AnyConnect client) to connect to the Internet? Clients can connect to the VPN with no issues and access resources internally, however accessing the Internet through the VPN is a no go.

Have successfully accomplished this on an ASA, and there is a guide which provides for this using IPSEC on IOS, however can't find anything with particular reference to the IOS-based SSL VPN.

Many thanks for your help

Paul

2 Replies

Jennifer Halim
Cisco Employee

You can configure Virtual-Template, and apply "ip nat inside" on that virtual template, and assign the virtual template to your webvpn context.

Example:

interface virtual-template 5
     ip unnumbered
     ip nat inside

webvpn context
     virtual-template 5

And your normal NAT ACL to allow from the SSL VPN pool subnet to any, and deny prior to the permit for the local subnet towards the SSL VPN subnet.

Hope that helps.
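
The reply above, written out as a fuller configuration. This is an added example, not part of the original post or a Cisco-published configuration. The interface names, the pool range 10.10.10.0/24, the LAN 192.168.1.0/24, and the names SSLVPN_POOL, NAT_ACL and SSLVPN_CTX are all constructed assumptions.

```cisco
! Constructed example: LAN 192.168.1.0/24 on Gi0/1, Internet on Gi0/0,
! SSL VPN client pool 10.10.10.0/24. Adjust every name and address.
ip local pool SSLVPN_POOL 10.10.10.10 10.10.10.100
!
interface GigabitEthernet0/0
 description Internet-facing interface
 ip nat outside
!
interface GigabitEthernet0/1
 description Local LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Decrypted client traffic enters the router on the virtual-access
! interface cloned from this template, so it must be a NAT inside interface.
interface Virtual-Template5
 ip unnumbered GigabitEthernet0/1
 ip nat inside
!
ip access-list extended NAT_ACL
 remark Deny first: LAN-to-VPN-client traffic must not be translated
 deny   ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Normal LAN-to-Internet NAT
 permit ip 192.168.1.0 0.0.0.255 any
 remark VPN pool to Internet (full tunnel, no split tunnel)
 permit ip 10.10.10.0 0.0.0.255 any
!
ip nat inside source list NAT_ACL interface GigabitEthernet0/0 overload
!
! Gateway, authentication and policy-group lines of the context are omitted.
webvpn context SSLVPN_CTX
 virtual-template 5
```

With a client connected and browsing, `show ip nat translations` should list entries whose inside local address comes from the VPN pool. If the deny line is missing or placed after the permits, replies from LAN hosts to VPN clients get translated and internal access breaks.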

andamani
Cisco Employee

Hi Paul,

Please find the link for AnyConnect with IOS below:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml#results

The following link gives details of the AnyConnect connection with IOS and Zone-Based Firewall:

http://www.cisco.com/en/US/products/ps8411/products_configuration_example09186a0080b25941.shtml#ios

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.