04-03-2018 08:36 AM - edited 03-12-2019 05:09 AM
Hello all
I have an ASA 55.25 firewall and I can connect to the VPN without issue. The problem is that I cannot
browse the Internet or ping the Internet.
I am trying to configure all Internet traffic to go through the corporate network rather than split tunneling.
I think my configuration may be incorrect somewhere.
I have uploaded my current config.
Accepted Solutions
04-03-2018 09:04 AM
It looks like you are not NATing the AnyConnect IPs when they are trying to reach the Internet. Try:
object network VPN-Users
 nat (Internet-outside,Internet-outside) dynamic interface
Also, you would need to allow that traffic:
same-security-traffic permit intra-interface
Also, you may want to restrict the identity NAT from:
nat (any,any) source static any any destination static VPN-Users VPN-Users no-proxy-arp
to something like:
nat (Internet-inside,Internet-outside) source static obj-inside obj-inside destination static VPN-Users VPN-Users route-lookup no-proxy-arp
Config example:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100918-asa-sslvpn-00.html
HTH
Bogdan
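Added example, not part of the thread or the poster's uploaded config: a Python check that audits an ASA running-config for the three points raised in the answer above (hairpin NAT on the VPN pool object, `same-security-traffic permit intra-interface`, and an identity NAT scoped to `(any,any)`). The function name, finding codes, sample configs and subnets are constructed for illustration.

```python
import re

OBJ_RE = re.compile(r"^object network (\S+)$")
NAT_RE = re.compile(r"^nat \(([^,]+),([^)]+)\)\s+(.*)$")
# Constructed sample configs (not the poster's uploaded config).
BEFORE = """\
object network VPN-Users
 subnet 10.10.50.0 255.255.255.0
nat (any,any) source static any any destination static VPN-Users VPN-Users no-proxy-arp
"""
AFTER = """\
same-security-traffic permit intra-interface
object network obj-inside
 subnet 192.168.1.0 255.255.255.0
object network VPN-Users
 subnet 10.10.50.0 255.255.255.0
 nat (Internet-outside,Internet-outside) dynamic interface
nat (Internet-inside,Internet-outside) source static obj-inside obj-inside destination static VPN-Users VPN-Users route-lookup no-proxy-arp
"""

def audit_full_tunnel(config, pool="VPN-Users", outside="Internet-outside"):
    """Return sorted finding codes for hairpinned (non-split-tunnel) VPN traffic."""
    intra_ok = hairpin_ok = broad_identity = False
    current_obj = None
    for raw in config.splitlines():
        line = raw.strip()
        indented = raw.startswith(" ")
        if not indented:  # any top-level line closes the previous object stanza
            m = OBJ_RE.match(line)
            current_obj = m.group(1) if m else None
        if line == "same-security-traffic permit intra-interface":
            intra_ok = True
        m = NAT_RE.match(line)
        if not m:
            continue
        # Interface names compared case-insensitively (assumption of this example).
        src_if, dst_if, rest = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if indented and current_obj == pool:
            # Object NAT on the pool: PAT VPN clients back out the outside interface.
            if src_if == dst_if == outside.lower() and rest.startswith("dynamic interface"):
                hairpin_ok = True
        elif src_if == dst_if == "any" and rest.startswith(
                f"source static any any destination static {pool} {pool}"):
            broad_identity = True  # identity NAT scoped to (any,any)
    checks = [(not intra_ok, "missing-intra-interface"),
              (not hairpin_ok, "missing-hairpin-nat"),
              (broad_identity, "broad-identity-nat")]
    return sorted(code for hit, code in checks if hit)
```

The parser accepts the pool object appearing in more than one `object network` stanza, since a running-config can show the object definition and its object NAT separately.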
04-03-2018 11:35 AM
04-07-2018 01:03 AM
nat (internet-outside,internet-outside)
