Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
3
Replies

WEBVPN (IOS) cannot access internet

Go to solution
Herman Skubic
Level 1
Level 1

‎03-17-2015 05:05 AM

Hello,

I am evaluating WEBVPN (SSL VPN) feature on CISCO 1921 router.

I can establish VPN connection with anyconnect and access local intranet, but I cannot access internet.

I cannot find out what happend with packets meant for internet.

Below I'm sending webvpn configuration:

GigabitEthernet0/0 is LAN interface

 

ip nat inside source static tcp 192.168.100.1 5443 94.140.xx.yy 5443 extendable

webvpn gateway WEBSSL-GATEWAY
 ip interface GigabitEthernet0/0 port 5443
 ssl trustpoint TP-self-signed-4050442324
 inservice
 !
webvpn context ASCAL-SSLVPN
 secondary-color #990000
 title-color black
 aaa authentication list SSL-VPN
 gateway WEBSSL-GATEWAY
 max-users 10
 !
 ssl authenticate verify all
 inservice
 !
 policy group SSLVPN_POLICY
   functions svc-enabled
   svc address-pool "vpn_pool" netmask 255.255.255.0
   svc rekey method new-tunnel
   mask-urls
 default-group-policy SSLVPN_POLICY
!

Thank you in advance.

Kind Reagrds,

Herman

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Abaji Rawool
Level 3
Level 3

‎03-18-2015 09:01 AM

Hi,

 

Make sure you have source nat list configured to allow VPN pool, if you want to use the internet from the router or you can use split tunnel to allow only Internal traffic over VPN

example:

router(config-webvpn-group)# svc split include 198.168.100.0 255.255.255.0

router(config-webvpn-group)# svc split include 192.168.200.0 255.255.255.0

 

Regards,

Abaji.
 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Abaji Rawool
Level 3
Level 3

‎03-18-2015 09:01 AM

Hi,

 

Make sure you have source nat list configured to allow VPN pool, if you want to use the internet from the router or you can use split tunnel to allow only Internal traffic over VPN

example:

router(config-webvpn-group)# svc split include 198.168.100.0 255.255.255.0

router(config-webvpn-group)# svc split include 192.168.200.0 255.255.255.0

 

Regards,

Abaji.
 

0 Helpful

Go to solution
Herman Skubic
Level 1
Level 1
In response to Abaji Rawool

‎03-19-2015 12:47 AM

Hi Abaji,

 

Thank you for your answer.

 

But I want all VPN traffic to go trough router (including internet).

As I mentioned only LAN is accessible but not internet. 

 

Regarding VPN pool you mentioned I already use the same pool for L2TP/IPSEC vpn clients and internet for these clients works OK. Only SSL VPN has the problem accessing internet.

Do you maybe have any idea why?

 

Regards,

Herman

 

 

 

 

0 Helpful

Go to solution
Abaji Rawool
Level 3
Level 3
In response to Herman Skubic

‎03-21-2015 07:24 AM

Would you be able to send full config here?

 

Regards,

Abaji.

0 Helpful
Customers Also Viewed These Support Documents