09-19-2006 01:50 PM
I am trying to set up the following requirement.
Remote users with Cisco VPN client software connect into an 877 router. Whilst connected to the VPN, users should have access to the Internet via the 877 and not by their local Internet connection using split tunneling.
To make sure this works I have set up policy routing on the WAN interface: if traffic from the VPN clients tries to go out, this traffic is policy routed to a loopback interface which is configured for NAT inside. This allows the traffic to be translated before exiting the WAN interface.
This all works correctly; however, IP Inspect, which is configured outbound on the WAN interface, fails to create openings for this traffic and therefore the return traffic is blocked on the inbound access-list.
Does anybody know of a way to make this policy routed traffic be processed correctly by CBAC?
Regards
Colin
09-25-2006 11:37 AM
Check the following URL for configuring split tunneling:
PIX/ASA 7.x: Allow Split Tunneling for VPN Clients on the ASA Configuration.
09-26-2006 02:13 AM
Unfortunately, split tunneling is not an option; all Internet traffic must go through the central site.
I have now upgraded to IOS 12.4(9)T1 and everything is now working. It seems a bug has been fixed, although I couldn't find a match in the bug toolkit.
11-01-2006 07:26 AM
Colin,
I'm trying to do the same thing, and am having the same problems. Can you provide your config?
Thanks,
Matt
11-02-2006 07:19 AM
12-04-2006 11:22 AM
This configuration has expired, I believe. Can you repost or extend the expiration? I'm interested in doing something similar as well. Thanks in advance.
12-04-2006 02:14 PM
The attachment works for me and there are still 11 months before it expires. Just click on the little icon to the left of the expiry date to download it.
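A sketch of the design described in the first post (policy routing decrypted client traffic through a NAT-inside loopback, with CBAC outbound on the WAN), added here as an example; it is not the configuration attached to the thread. All addresses, ACL numbers, names and the choice of Dialer0 as the WAN interface are constructed placeholders, and the VPN server and crypto map configuration is omitted.

```cisco
! Constructed example: every address, name and ACL number is a placeholder.
! VPN server / crypto map configuration is omitted.
ip local pool VPNPOOL 192.168.50.1 192.168.50.50
!
! CBAC rule set, applied outbound on the WAN interface
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
interface Loopback0
 description NAT-inside hairpin for VPN client Internet traffic
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
interface Dialer0
 description WAN
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip inspect FW out
 ip policy route-map VPN-HAIRPIN
!
! Decrypted client traffic not destined for the LAN (assumed 192.168.1.0/24)
! is policy routed to a next hop on the loopback subnet.
access-list 120 deny   ip 192.168.50.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 192.168.50.0 0.0.0.255 any
route-map VPN-HAIRPIN permit 10
 match ip address 120
 set ip next-hop 10.255.255.2
!
! Translate the client pool to the WAN address on the way back out
access-list 130 permit ip 192.168.50.0 0.0.0.255 any
ip nat inside source list 130 interface Dialer0 overload
!
! Inbound ACL admits only the VPN itself; return traffic for client
! sessions depends on the temporary openings CBAC creates.
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit esp any any
access-list 101 deny   ip any any log
```

With a layout like this, `show ip inspect sessions` and the hit counter on the final `deny ... log` entry show whether CBAC is opening return paths for the hairpinned traffic, which is the behaviour the thread reports as working only after the upgrade to 12.4(9)T1.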