No internet access from Windows 10 when using tunnelall option under the group policy (ASA version: 8.2)

geoseraf13
Level 1

Hi,

I have configured a group policy on ASA having the tunnelall option under the split-tunnel-policy. I have also configured the VPN pool to be natted, and I used the command same-security-traffic permit intra-interface in order for the traffic coming from the VPN pool to be natted and then leave the outside interface of my ASA device. Everything works fine when I use my Ubuntu machine, on which I have installed a vpnc client. As I can see, the public IP with which I access the Internet is the IP of my ASA's outside interface, which is what I want.

The problem arises when I use my Windows 10 machine and Cisco's VPN client. Although the connection with the ASA is always successfully established and I can access the internal network (my home network behind the ASA device), I cannot access the Internet. I think that the problem is related to Windows 10 since, as I mentioned above, everything works fine when I log into my Ubuntu machine. Does anyone have any idea what the source of the problem could be? Note that the version of my ASA device is 8.2. Moreover, I have to highlight that I do not want to use split-tunneling to solve it.

Thanks

George

 


rvarelac
Level 7

Hi George, 

If you're using the Cisco VPN Client, be advised this software is currently End of Life and only supported for Windows XP and Windows 7. You might need to migrate to AnyConnect. If you are already using AnyConnect, make sure there is no 3rd party software installed on the VPN network adapter.

http://www.cisco.com/c/en/us/products/collateral/security/vpn-client/end_of_life_c51-680819.html

Hope it helps

-Randy-

 

geoseraf13
Level 1

Finally I solved this issue. The problem was that I was missing the command that assigns DNS servers to the remote clients. The command is configured under the relevant group-policy and its syntax is as below:

dns-server value 8.8.8.8

Now the mystery is why everything was working fine on Ubuntu while the problem seemed to occur only when I was using Cisco's VPN client on my Windows machine. Well, in the case of my Ubuntu machine, I am assuming that the websites that I visited to test whether everything works okay were in the DNS cache, so my machine did not have to access any DNS server.

PS: Thanks Randy for your suggestion.
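
A check for the situation resolved in this thread, as an added example (not code from either poster or from Cisco): it reads an ASA running-config and lists group policies that tunnel all traffic but assign no DNS server to clients. The policy names and sample config are constructed, and the inheritance from DfltGrpPolicy and the fallback defaults are assumptions stated in the code.

```python
import re

# Constructed sample running-config; the policy names are made up.
SAMPLE_CONFIG = """\
group-policy HOME-FULL internal
group-policy HOME-FULL attributes
 split-tunnel-policy tunnelall
group-policy HOME-FIXED internal
group-policy HOME-FIXED attributes
 split-tunnel-policy tunnelall
 dns-server value 8.8.8.8
group-policy HOME-SPLIT internal
group-policy HOME-SPLIT attributes
 split-tunnel-policy tunnelspecified
"""

# Assumption: values in effect when neither the policy nor DfltGrpPolicy sets one.
DEFAULTS = {"split-tunnel-policy": "tunnelall", "dns-server": "none"}
DEFAULT_POLICY = "DfltGrpPolicy"

def parse_group_policies(config):
    """Map each group-policy name to the attributes set in its block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) (attributes|internal|external)", line)
        if header:
            name, kind = header.groups()
            policies.setdefault(name, {})
            current = name if kind == "attributes" else None
        elif current and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            policies[current][key] = value
        else:
            current = None  # left the attributes block
    return policies

def effective(policies, name, attr):
    """Resolve an attribute: the policy itself, then DfltGrpPolicy, then defaults."""
    for source in (policies[name], policies.get(DEFAULT_POLICY, {})):
        if attr in source:
            return source[attr]
    return DEFAULTS[attr]

def tunnelall_without_dns(config):
    """Names of policies that tunnel everything but give clients no DNS server."""
    p = parse_group_policies(config)
    return sorted(n for n in p if n != DEFAULT_POLICY
                  and effective(p, n, "split-tunnel-policy") == "tunnelall"
                  and effective(p, n, "dns-server") == "none")
```

Run `tunnelall_without_dns()` on the text of `show running-config` saved to a file; a flagged policy is one where clients depend on whatever resolver they had before connecting.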
