[c-nsp] PIX/ASA full tunnel for clients
Jason Link
Jason.Link at whgroup.com
Wed Apr 29 14:51:09 EDT 2009
In the group policy for the specific VPN instance, use
"split-tunnel-policy tunnelall"
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
Sent: Wednesday, April 29, 2009 1:30 PM
To: 'Cisco-nsp'
Subject: [c-nsp] PIX/ASA full tunnel for clients
I've got what's probably a simple question that I just can't figure out.
Is there a trick for setting up a "full" tunnel client VPN profiles (ie,
no split tunneling?) on a PIX or ASA running v7 or better? I used to do
this on VPN 3000 Concentrators with ease but my searches on "cisco ASA
ipsec client VPN full tunnel" isn't giving me anything useful. Is it
called something else now? I know that I have to run v7.x or better to
hairpin encrypted and unencrypted traffic in and out of the outside
interface.
I could experiment with the routes I hand out in a test profile but I'd
rather get the official word on how to do this.
Thanks
Justin
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list