Remote access w/o split tunneling using external DNS
I've set up a remote access group for AnyConnect on a 5510 running 8.4.5. Our company security policy prohibits split tunneling, but this particular location has no internal DNS (so I have to use a public DNS like Google or something). How do I get this to work? I'm assuming I need to do a NAT exemption, but I'm not sure how this would look, especially under 8.4.5.
This will allow the traffic to take a "U-turn" on the ASA "outside" interface and head back to the Internet.
The NAT configuration format depends on your current NAT configuration. It should work with the above, but there is always a possibility that some current NAT configuration might cause problems for it or override it.
Let me know if I understood your situation correctly.
If this solved your problem, remember to mark the question as answered.
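The configuration the reply refers to did not survive on this page. The following is an added example, not the original poster's or the answerer's configuration, of a tunnel-all AnyConnect setup with a "U-turn" on the outside interface in ASA 8.3+/8.4 object NAT syntax. The pool range, the object and group-policy names, and the DNS addresses are assumptions chosen for illustration.

```cisco
! Added example: hairpin ("U-turn") Internet access for full-tunnel AnyConnect clients.
! All names and addresses below are constructed placeholders.

! Allow traffic to enter and leave the same interface (outside -> outside).
same-security-traffic permit intra-interface

! Address pool handed to VPN clients (hypothetical range).
ip local pool RA-POOL 192.168.50.10-192.168.50.100 mask 255.255.255.0

! Object NAT (section 2): PAT the pool to the outside interface address
! when the client's traffic is routed back out to the Internet.
object network RA-POOL-NET
 subnet 192.168.50.0 255.255.255.0
 nat (outside,outside) dynamic interface

! Group policy: tunnel everything (no split tunneling) and hand out
! public resolvers, since the site has no internal DNS.
group-policy RA-GP internal
group-policy RA-GP attributes
 split-tunnel-policy tunnelall
 dns-server value 8.8.8.8 8.8.4.4
 address-pools value RA-POOL

! Manual (twice) NAT rules sit in section 1 and are evaluated before the
! object NAT above, so an existing broad rule can override it.
! Check rule order and hit counts, then confirm translations are built:
!   show nat detail
!   show xlate
```

Any NAT exemption already in place between the pool and inside networks stays as it is; the rule above only covers client traffic that leaves again through the outside interface.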