SSL VPN on IOS, No Split Tunnel
06-27-2007 05:48 AM - last edited on 02-21-2020 11:46 PM by cc_security_adm
I've configured SSL VPN on an 1811 router running 12.4(9) IOS. I'm using the full SSL VPN client and do not want to split tunnel the traffic. I can reach my inside resources just fine, but I cannot reach sites on the Internet. I want to tunnel my Internet traffic to the router and then have it hairpin out the same interface.
I've successfully configured this type of hairpinning on an ASA for SSL VPN, but have yet to find a way to do it in IOS. Does anyone have a sample config or suggestions?
Labels: Other VPN Topics
07-03-2007 10:12 AM
Make use of the document "SSL VPN Client (SVC) on IOS with SDM Configuration Example"
http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a0080720346.shtml
07-03-2007 11:43 AM
Thanks. I've followed these instructions before, but the result was the same for me. I can reach internal resources, but hairpinning my traffic back out the outside interface to the Internet does not work. I'm still wondering if anyone actually has this operating in the way that I've described within their production environment.

02-07-2011 10:42 PM
Well, according to the logic used for bringing the traffic to the ASA outside interface, what I did is NAT the local pool traffic on the outside interface as well, so if we use the same concept on Cisco IOS we can also solve it:
ip nat inside source list "local-pool-acl" interface "outside-interface" overload
See if this helps.
Can you please post your configuration, as I am unable to access the inside resources from the SSL VPN users? I don't want to bring the Internet traffic towards the router, but only the local LAN traffic from remote SSL VPN users.
Regards,
jvalin
02-09-2011 05:20 PM
For the traffic to be NATted on IOS it must traverse from a NAT inside interface to a NAT outside interface (or NAT-enabled interfaces).
You can try to create a loopback and set it as NAT inside, and direct the traffic from the VPN to the loopback as next hop; if the traffic is to go inside, the router will do that automatically, and if it's to go outside, it will NAT it.
You could use policy routing.
Not sure it will work, but it worked for me in similar situations.
Let us know if it worked and rate the post...
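As an added worked example (not the thread's own configuration and not taken from Cisco documentation), this is how the loopback-plus-policy-routing approach in the last reply, together with the pool NAT overload line from the earlier reply, could be written out for the 1811 in the question. Every name and address is assumed: FastEthernet0 is the outside interface at 203.0.113.2, Vlan1 is the LAN at 192.168.1.0/24, the SVC pool is 192.168.100.0/24, and Loopback0 (10.255.255.1/30) exists only as a NAT-inside re-entry point; the SVC package path and trustpoint name are placeholders. The policy group deliberately has no `svc split include`, which is what makes the client a full tunnel.

```cisco
! Added example, not from the thread or from Cisco. Assumed addressing:
!   outside   FastEthernet0  203.0.113.2/24  (ip nat outside)
!   inside    Vlan1          192.168.1.1/24  (ip nat inside)
!   SVC pool  192.168.100.0/24, full tunnel (no "svc split include")
!   Loopback0 10.255.255.1/30, NAT inside, used only to re-enter routing
!
! Placeholder package path and trustpoint name
webvpn install svc flash:/webvpn/svc.pkg
!
ip local pool SSLVPN-POOL 192.168.100.1 192.168.100.254
!
webvpn gateway SSLVPN-GW
 ip address 203.0.113.2 port 443
 ssl trustpoint TP-SSLVPN
 inservice
!
webvpn context SSLVPN-CTX
 gateway SSLVPN-GW
 policy group FULL-TUNNEL
  functions svc-enabled
  svc address-pool "SSLVPN-POOL"
  svc keep-client-installed
 default-group-policy FULL-TUNNEL
 inservice
!
! Packets that re-enter the router through this loopback count as
! inside->outside for NAT purposes
interface Loopback0
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VPN-HAIRPIN
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
! Only pool traffic bound for the Internet is policy-routed; pool traffic
! for the LAN is routed normally and is never translated
ip access-list extended VPN-TO-INTERNET
 deny   ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.100.0 0.0.0.255 any
!
! Decrypted SVC packets are seen on the outside interface. The route-map
! sends them to a next hop inside Loopback0's subnet, so they loop back in
! as NAT-inside traffic and then follow the default route out FastEthernet0
route-map VPN-HAIRPIN permit 10
 match ip address VPN-TO-INTERNET
 set ip next-hop 10.255.255.2
!
! PAT both the LAN and the VPN pool behind the outside address. LAN->pool
! replies are excluded so they are not translated on their way back to the
! VPN client
ip access-list extended NAT-SOURCES
 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.100.0 0.0.0.255 any
ip nat inside source list NAT-SOURCES interface FastEthernet0 overload
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```

Two things to check after applying it. `show route-map VPN-HAIRPIN` shows the policy-match counters; if they stay at zero while a client browses, the decrypted SVC traffic is not being seen by the policy route-map on that interface in your IOS release and the loopback trick cannot work there. `show ip nat translations` should then show entries with an inside local address from 192.168.100.0/24 and an inside global address of 203.0.113.2. The deny entries in both ACLs matter: without the deny in NAT-SOURCES, LAN replies to a VPN client are translated and the session breaks, which is the usual cause of the "inside resources unreachable" symptom in the thread.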
