Re: [fw-wiz] Cisco AnyConnect Remote Access to L2L tunnels



On Sun, Jun 14, 2009 at 7:41 AM, Todd Simons <tsimons@xxxxxxxxxxxxxxx> wrote:

Eric-

At this point I have this working via Hairpinning, my only problem at
this point is that RemoteAccess VPNs (which are a global vpn setup)
can't browse the internet or use external hosts that are not part of my
sites.

~Todd


Todd,

Sorry about the confusion... glad to hear you have things working.

Re: the remote access clients' Internet access... you can use split tunnels
to have clients connect but only your tunnel subnets are routed over their
tunnel connection... regular internet access would go through the clients'
ISP, not over the tunnel. Is that an option?

If that's not an option, I think that you would have to set up dynamic NAT on
your outside interface and set up NAT exceptions for your internal subnets
for the RA clients to have regular Internet but still hit the tunnel
correctly... Cisco sees remote VPN clients as incoming through the outside
interface (which is annoying... I wish they'd just set up a virtual tunnel
interface on the ASA like they do on their router VPN tunnels....)

I haven't set this up though so I'm shooting in the dark a bit on this
one... I have split tunnels set up for my work ASA VPN and it works quite
well.

--
Eric
http://nixwizard.net
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
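
The two options discussed in the reply above, written out as an ASA configuration sketch. This is an added example, not configuration posted by anyone in the thread. It assumes pre-8.3 ASA NAT syntax (`nat`/`global`), and the subnets, ACL names and the group-policy name `RA_POLICY` are all constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   RA client pool   10.99.0.0/24
!   local inside     10.1.0.0/16
!   remote L2L site  10.2.0.0/16

! Needed for the hairpin already described in the thread: traffic may
! enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

! Pool <-> inside traffic stays un-NATed (usual RA VPN exemption).
access-list INSIDE_NONAT extended permit ip 10.1.0.0 255.255.0.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list INSIDE_NONAT

! --- Option A: split tunnel ------------------------------------------
! Only the listed subnets are routed into the tunnel. All other client
! traffic leaves via the client's own ISP and is never inspected,
! filtered or logged by the ASA.
access-list RA_SPLIT standard permit 10.1.0.0 255.255.0.0
access-list RA_SPLIT standard permit 10.2.0.0 255.255.0.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT

! --- Option B: full tunnel, Internet hairpinned through the ASA -------
! Use instead of Option A; all client traffic enters the tunnel.
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelall

! Exempt pool -> remote-site traffic from NAT so it still matches the
! L2L crypto ACL with its real source address.
access-list OUTSIDE_NONAT extended permit ip 10.99.0.0 255.255.255.0 10.2.0.0 255.255.0.0
nat (outside) 0 access-list OUTSIDE_NONAT

! PAT everything else from the pool to the outside interface address.
nat (outside) 1 10.99.0.0 255.255.255.0
global (outside) 1 interface
```

With Option B the clients' Internet traffic passes through the ASA, so any outbound filtering and logging applied there also covers remote users; with Option A it does not.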

