
Remote access VPN and Internet

toddmanger
Level 1

I have an ISR2821 front end for remote VPN access for workstations connecting with Cisco VPN client. My users can utilize internal network resources, but cannot browse the internet. I do not have split tunneling enabled due to the security threat. I have tried building a router on a stick but am having no luck.

Any thoughts on what I should be looking for?

1 Reply

Jennifer Halim
Cisco Employee

I am assuming that you configured a loopback interface, and also have "ip nat inside" on the loopback interface. Also, you would need to configure the NAT to match the VPN client pool subnet so when it is accessing the internet, it will be NAT/PATed to the public IP address so it's routable.

Lastly, you would also need policy-based routing to route the traffic to that loopback interface for traffic destined to the internet from the VPN client pool, and of course denying the traffic destined to the internal network first.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

Hope that helps.
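
The three pieces described in the reply above (loopback with "ip nat inside", NAT matching the VPN client pool, and policy-based routing that denies internal destinations first), put together as an added sketch that is not part of the original thread or the linked Cisco document. Every interface name, ACL number, route-map name and address is an assumption: VPN client pool 192.168.100.0/24, internal LAN 10.1.0.0/16, and GigabitEthernet0/0 as the Internet-facing interface that terminates the clients.

```cisco
! Added illustration; all names, ACL numbers and addresses are assumptions.
! Assumed: VPN client pool 192.168.100.0/24, internal LAN 10.1.0.0/16,
! GigabitEthernet0/0 = Internet-facing interface terminating the VPN clients.
!
interface Loopback0
 description NAT hairpin for VPN client Internet traffic
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
interface GigabitEthernet0/0
 description Internet-facing, VPN clients arrive here
 ip nat outside
 ip policy route-map VPN-CLIENT-INTERNET
!
! PBR match list: deny pool-to-internal traffic first so it follows the
! normal routing table, then match everything else sourced from the pool.
access-list 150 deny   ip 192.168.100.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 150 permit ip 192.168.100.0 0.0.0.255 any
!
! NAT match list: PAT the pool only when it is headed to the Internet.
access-list 151 deny   ip 192.168.100.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 151 permit ip 192.168.100.0 0.0.0.255 any
!
! The next hop below is an unused address on the Loopback0 subnet, so
! matching packets pass through the "ip nat inside" interface before
! being routed back out GigabitEthernet0/0.
route-map VPN-CLIENT-INTERNET permit 10
 match ip address 150
 set ip next-hop 10.255.255.2
!
ip nat inside source list 151 interface GigabitEthernet0/0 overload
```

With a client connected and browsing, `show route-map` should show the match counters for the policy incrementing, and `show ip nat translations` should list entries whose inside local address is in the client pool.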