Redirect Single IP Address Through User VPN

nlambert9
Level 1

Hi All,

I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3. Can someone help me out?

Thanks!

Accepted Solutions

Hi Nathalie,

This is what you need:

! VPN client address pool
object network vpn-pool
     subnet 192.168.1.0 255.255.255.0
!
! Public server that must be reached through the tunnel
object network external-server
     host 7.7.7.7
!
nat (outside,outside) 1 source dynamic vpn-pool interface destination static external-server external-server
same-security-traffic permit intra-interface

That should allow the U-turning on the outside interface, so the clients get out to the Internet with the outside IP of the FW when they try to reach the 7.7.7.7 server.

Let me know.

Thanks.

Portu.

Please rate any post you find helpful.
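
An added example, not part of the original thread: a small Python check that a saved ASA running-config contains the pieces the accepted answer relies on (both network objects, the outside-to-outside NAT rule, and `same-security-traffic permit intra-interface`). The sample config is constructed from the values in the answer, and the function names are hypothetical.

```python
import re

# Constructed sample: the relevant running-config lines, built from the answer above.
SAMPLE_CONFIG = """\
object network vpn-pool
 subnet 192.168.1.0 255.255.255.0
object network external-server
 host 7.7.7.7
nat (outside,outside) 1 source dynamic vpn-pool interface destination static external-server external-server
same-security-traffic permit intra-interface
"""

# Twice-NAT rule of the form used in the answer; the line number is optional.
NAT_RE = re.compile(
    r"^nat \(([^,)]+),([^,)]+)\)(?: \d+)? source dynamic (\S+) interface"
    r" destination static (\S+) (\S+)", re.M)

def parse_objects(config):
    """Map each 'object network NAME' to its subnet/host definition line."""
    objects, current = {}, None
    for line in config.splitlines():
        parts = line.split()
        m = re.match(r"object network (\S+)", line)
        if m:
            current = m.group(1)
        elif current and line.startswith(" ") and parts and parts[0] in ("subnet", "host"):
            objects[current] = line.strip()
        elif not line.startswith(" "):
            current = None  # left the object's sub-configuration
    return objects

def audit_hairpin(config, pool_obj, server_obj, iface="outside"):
    """Return the list of missing prerequisites for U-turn traffic on iface."""
    problems = []
    objects = parse_objects(config)
    for name in (pool_obj, server_obj):
        if name not in objects:
            problems.append(f"object network {name} is not defined")
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        problems.append("same-security-traffic permit intra-interface is missing")
    rule_ok = any(
        m.group(1) == m.group(2) == iface and m.group(3) == pool_obj
        and m.group(4) == m.group(5) == server_obj
        for m in NAT_RE.finditer(config))
    if not rule_ok:
        problems.append(f"no nat ({iface},{iface}) rule PATs {pool_obj} toward {server_obj}")
    return problems

if __name__ == "__main__":
    print(audit_hairpin(SAMPLE_CONFIG, "vpn-pool", "external-server") or "hairpin prerequisites present")
```

An empty list means all three pieces are present; a config without the NAT statement reports that one item.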

Thank you very much Portu, that was exactly it! I was missing the NAT statement. It is working just fine now.

Thanks again,

Nathalie

Awesome news

You are very welcome!

Have a good one.

Portu.