
VPN client

dtooth71
Level 1

I recently upgraded to Cisco ASA. I configured users to connect through client VPN. On my laptop I installed VPN client software. When I connect to the ASA I receive the banner that I made to verify connection and it shows as connected. After I connect I cannot ping or access the Internet. When I disconnect from the VPN, I am able to access Internet resources again, but still not able to access files at my sites?

5 Replies

acomiskey
Level 10

Post a sanitized config, as this could be many things.

A config of the ASA? Bear with me, I am new to the Cisco world.

Yes, the config of the ASA would help us out.

"sh run"

In order for you to access the internet while connected through the VPN, you would need to do split tunneling, or if you want to access the internet via the ASA, that can be done as well.

Cheers

Gilbert

Kamal Malhotra
Cisco Employee

Hi,

It seems that you need to configure split-tunnel. If you are configuring through the GUI (ASDM), then do the following:

1. Go to Configuration -> VPN -> General -> Group Policy.

2. Select the Group Policy you are using and click 'Edit'.

3. Go to Client Configuration -> General Client Parameters.

4. Make sure that the 'Inherit' against the Split Tunnel Policy and Split Tunnel Network List are unchecked.

5. Against Split Tunnel Policy select 'Tunnel Network List Below'.

6. Against Split Tunnel Network List make sure 'none' is selected and then click Manage.

7. Under Standard ACL, click Add.

8. Define a name.

9. Right click the ACL you created and click Add ACE.

10. Define the local network behind the ASA. Make sure that the network address and the mask are correct.

11. Click OK. Click OK. Click Apply and you are done.

If you are using the CLI, then do the following:

(config)#access-list split permit ip any

(config)#group-policy attributes

(config-group-policy)#split-tunnel-policy tunnelspecified

(config-group-policy)#split-tunnel-network-list value split

HTH,

Regards,

Kamal

Small correction:

(config)#access-list split permit ip any

should be

(config)#access-list split standard permit ip
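
An added example (not part of the thread, and not Cisco's code): a Python check over a pasted "sh run" that reports, per group policy, whether split tunneling is set up the way the posts above describe, that is `split-tunnel-policy tunnelspecified` plus a `split-tunnel-network-list` that exists as a standard ACL. The sample config, policy names and networks are constructed for illustration, and the function name is hypothetical.

```python
import re

# Constructed sample "sh run" excerpt (not from the thread); names and networks are made up.
SAMPLE_CONFIG = """\
access-list split standard permit 192.168.10.0 255.255.255.0
group-policy GOOD attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
group-policy MISSING attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nosuchacl
group-policy DEFAULT attributes
 vpn-tunnel-protocol IPSec
"""

def audit_split_tunnel(config):
    """Map each group-policy name to one finding about its split-tunnel setup."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"access-list (\S+) standard permit (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
            current = None
        elif m := re.match(r"group-policy (\S+) attributes", line):
            current = policies.setdefault(m.group(1), {"policy": None, "acl": None})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the group-policy sub-mode
        elif current is not None:
            if m := re.match(r" split-tunnel-policy (\S+)", line):
                current["policy"] = m.group(1)
            elif m := re.match(r" split-tunnel-network-list value (\S+)", line):
                current["acl"] = m.group(1)

    findings = {}
    for name, gp in policies.items():
        if gp["policy"] in (None, "tunnelall"):
            findings[name] = "no split tunnel: all client traffic is sent to the ASA"
        elif gp["policy"] != "tunnelspecified":
            findings[name] = f"policy '{gp['policy']}' is not covered by this check"
        elif gp["acl"] not in acls:
            findings[name] = f"network list '{gp['acl']}' is not defined as a standard ACL"
        else:
            findings[name] = "ok: tunnels only " + ", ".join(acls[gp["acl"]])
    return findings

if __name__ == "__main__":
    for name, finding in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```

A policy reported as "no split tunnel" matches the symptom in the original question: the client connects, but Internet traffic is sent into the tunnel.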