I am trying to set up the following requirement.
Remote users with Cisco VPN client software connect into an 877 router. Whilst connected to the VPN, users should have access to the Internet via the 877 and not by their local Internet connection using split tunneling.
To make sure this works I have set up policy routing on the WAN interface: if traffic from the VPN clients tries to go out, this traffic is policy routed to a loopback interface which is configured for NAT inside. This allows the traffic to be translated before exiting the WAN interface.
This all works correctly; however, IP Inspect, which is configured outbound on the WAN interface, fails to create openings for this traffic and therefore the return traffic is blocked on the inbound access-list.
Does anybody know of a way to make this policy routed traffic be processed correctly by CBAC?
Check the following URL for configuring the split tunnelling:
PIX/ASA 7.x: Allow Split Tunneling for VPN Clients on the ASA Configuration.
Unfortunately, split tunneling is not an option; all Internet traffic must go through the central site.
I have now upgraded to IOS 12.4(9)T1 and everything is now working. It seems a bug has been fixed, although I couldn't find a match in the bug toolkit.
This configuration has expired, I believe. Can you repost or extend the expiration? I'm interested in doing something similar as well. Thanks in advance.
The attachment works for me and there are still 11 months before it expires. Just click on the little icon to the left of the expiry date to download it.