VPN Split-tunnel Config help

cisconoobie · ‎09-25-2006

Right now my VPN is setup and working properly. Basically, when a user connects to the ASA5520 VPN Server, an IP gets issued to them and they can connect. When the user tries to browse the internet it uses the user's ISP which is good.

Now I need to set it up so SSH originates from the company and not from the user's personal ISP, meaning if they SSH to another site through the VPN tunnel.

How can I do this ?

b.hsu · ‎09-29-2006

What's the software verison which you are using in the ASA box?

cisconoobie · ‎09-30-2006

7.2.1

asdm 5.2

mcat84 · ‎10-01-2006

I have tried something before....tunnel everything...but in your case, maybe you can try something like this.

if your vpnpool is 192.168.88.1-192.168.88.254

Do a extended access-list for 192.168.88.0/24 to SSH

Then do

nat (outside) 6 access-list abc

global (outside) 6

Not very sure it will conflict with the NONAT statement or not....please let us know