05-20-2020 04:14 AM
Hi,
On our SSL AnyConnect client VPN setup we have a split tunnel configured to route all traffic for the corporate network over the VPN and all other traffic over the local internet gateway.
I added a URL's public IP address to the split tunnel with a view to routing traffic to the URL over the VPN instead of breaking out locally.
However, this is not working.
Packet captures on the FW only show a TCP SYN and retransmissions to the IP of the .
Am I missing something? Is there a feature I need to enable?
Any help will be highly appreciated.
Kind Regards,
05-20-2020 04:28 AM
Hi,
In order for the remote access VPN users to access this public IP address through the VPN tunnel, you will also need to configure the command same-security-traffic permit intra-interface to allow the traffic to hairpin and route the traffic out the same interface it came in on, and a NAT rule (source and destination interfaces are both outside, or whatever you've called your interface), e.g.:
object network RAVPN_USERS
subnet 192.168.10.0 255.255.255.0
nat (outside,outside) dynamic interface
HTH
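To put the answer above into context, here is a minimal ASA configuration for the whole scenario. It is an added example, not configuration from the original poster or from Cisco: the split-tunnel ACL name, group policy name, corporate network 10.0.0.0/8, VPN pool 192.168.10.0/24 and the public host 203.0.113.10 (RFC 5737 documentation range) are assumptions standing in for the real values. It also shows the packet-tracer check used to confirm the hairpin and NAT are applied.

```cisco
! Added example, not from the original post. Names, networks and the public
! IP 203.0.113.10 are assumptions.
!
! 1. Split-tunnel ACL: corporate networks plus the single public host that
!    must go over the tunnel. Everything else breaks out locally at the client.
access-list SPLIT_TUNNEL standard permit 10.0.0.0 255.0.0.0
access-list SPLIT_TUNNEL standard permit host 203.0.113.10
!
group-policy RAVPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! 2. Allow decrypted VPN traffic that arrived on "outside" to be routed back
!    out of "outside". Without this the ASA drops the hairpinned packet.
same-security-traffic permit intra-interface
!
! 3. Hide the private VPN pool behind the outside interface address so the
!    public host can reply. Without it the SYN leaves with a 192.168.10.x
!    source address and the SYN-ACK never comes back.
object network RAVPN_USERS
 subnet 192.168.10.0 255.255.255.0
 nat (outside,outside) dynamic interface
!
! 4. Verify from the ASA CLI with a simulated client packet (192.168.10.5 is
!    an assumed pool address). The output should end with "Action: allow" and
!    the NAT phase should show the source translated to the outside address.
packet-tracer input outside tcp 192.168.10.5 12345 203.0.113.10 443
```

Two things worth checking if packet-tracer still shows a drop: a manual (twice) NAT exemption for the VPN pool with destination "any" placed above this rule will match first and prevent the translation, so either narrow its destination or move the hairpin rule up; and if sysopt connection permit-vpn has been disabled, the outside interface ACL must also permit the pool-to-public-host traffic, since decrypted VPN traffic is no longer exempt from it.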