Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco ASA 5510 AnyConnect VPN issue

Status
Not open for further replies.

fillthy

IS-IT--Management
May 11, 2006
75
CA
I have my VPN AnyConnect clients connecting fine and they have access to "inside" resources thanks to Split Tunneling. VPN users need to connect to a third party web application (on the Internet) This third party site only allows clients to connect from our corporate public (outside) IP address. Since we are using Split Tunneling all external requests are leaving the users remote gateway and not the Corporate public IP (is this Split Tunneling?) This means VPN AnyConnect users cannot access this site. How can I make a work around so for certain public sites they go back through the Cisco?
Cheers
 
you add an entry to the split-tunnel ACL for this application and configure outside nat so that traffic sourced from the VPN users will be NATed with the required address
Code:
nat (outside) 1 access-list outside_nat

access-list outside_nat extended permit ip 192.168.26.0 255.255.255.0 host 1.1.1.1

access-list Split-Tunnel standard permit host 1.1.1.1
the host address 1.1.1.1 specified above would be replaced by the IP address of the web application

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top