Firewall Wizards mailing list archives
Re: Cisco AnyConnect Remote Access to L2L tunnels
From: "Todd Simons" <tsimons () delphi-tech com>
Date: Mon, 22 Jun 2009 20:52:44 -0400
Adding the dynamic NAT on the outside interface fixed it! Thanks!

From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Eric Gearhart
Sent: Friday, June 19, 2009 7:13 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Cisco AnyConnect Remote Access to L2L tunnels

On Sun, Jun 14, 2009 at 7:41 AM, Todd Simons <tsimons () delphi-tech com> wrote:

Eric-

At this point I have this working via hairpinning; my only problem at this point is that RemoteAccess VPNs (which are a global VPN setup) can't browse the Internet or use external hosts that are not part of my sites.

~Todd

Todd,

Sorry about the confusion... glad to hear you have things working.

Re: the remote access clients' Internet access... you can use split tunnels to have clients connect but only your tunnel subnets are routed over their tunnel connection... regular Internet access would go through the clients' ISP, not over the tunnel. Is that an option?

If that's not an option, I think that you would have to set up dynamic NAT on your outside interface and set up NAT exceptions for your internal subnets for the RA clients to have regular Internet but still hit the tunnel correctly... Cisco sees remote VPN clients as incoming through the outside interface (which is annoying.. I wish they'd just set up a virtual tunnel interface on the ASA like they do on their router VPN tunnels....)

I haven't set this up though so I'm shooting in the dark a bit on this one... I have split tunnels set up for my work ASA VPN and it works quite well

--
Eric
http://nixwizard.net
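The two approaches Eric describes (split tunnel, or tunnel-all with dynamic NAT on outside plus NAT exemptions), written out as an added example in the pre-8.3 ASA NAT syntax that was current in 2009; this is constructed configuration, not from the thread or from Cisco, and the addresses, pool, ACL and group-policy names are assumptions.

```cisco
! Added example, not from the thread. Assumed addressing:
!   inside LAN          10.10.0.0/16
!   L2L partner subnet  10.20.0.0/16
!   AnyConnect pool     192.168.100.0/24
! Pre-8.3 ASA NAT syntax throughout.

! AnyConnect clients terminate on outside, and both their L2L and Internet
! traffic leaves through outside again, so hairpinning must be permitted.
same-security-traffic permit intra-interface

ip local pool RA-POOL 192.168.100.1-192.168.100.254 mask 255.255.255.0

! --- Option 1: split tunnel. Only the listed networks ride the tunnel; the
! client's own ISP carries its Internet traffic, so no outside NAT is needed.
access-list SPLIT-TUNNEL standard permit 10.10.0.0 255.255.0.0
access-list SPLIT-TUNNEL standard permit 10.20.0.0 255.255.0.0
group-policy RA-GP internal
group-policy RA-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
! (For option 2, use "split-tunnel-policy tunnelall" here instead.)

! --- Option 2: tunnel-all with dynamic NAT on outside (what fixed it).
! NAT exemption: RA clients reaching the inside LAN or the L2L subnet keep
! their pool addresses, so they still match the L2L crypto ACL and inside routing.
access-list NO-NAT-INSIDE extended permit ip 10.10.0.0 255.255.0.0 192.168.100.0 255.255.255.0
access-list NO-NAT-OUTSIDE extended permit ip 192.168.100.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (inside) 0 access-list NO-NAT-INSIDE
nat (outside) 0 access-list NO-NAT-OUTSIDE

! Everything else sourced from the RA pool is PATed to the outside interface
! address as it hairpins back out to the Internet. The "nat (outside)" line is
! the dynamic NAT on the outside interface the thread refers to.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 192.168.100.0 255.255.255.0

! The L2L crypto ACL must also carry the RA pool to the partner subnet, or
! hairpinned client traffic never enters the site-to-site tunnel.
access-list L2L-PARTNER extended permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list L2L-PARTNER extended permit ip 192.168.100.0 255.255.255.0 10.20.0.0 255.255.0.0
```

Pick one option; the two split-tunnel settings are mutually exclusive in a group policy. Tunnel-all keeps the clients' Internet traffic under the ASA's outbound policy and logging, while split tunnel leaves the client host talking to the Internet directly for as long as it is connected.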