[c-nsp] PIX/ASA full tunnel for clients
Ryan Hughes
rshughes at gmail.com
Wed Apr 29 15:01:01 EDT 2009
Not really - simply don't specify a split tunnel policy under the
group-policy for the Remote Access group on the ASA.

group-policy RAS attributes
 dns-server value X.X.X.X
 vpn-tunnel-protocol IPSec
 split-tunnel-policy excludespecified ! don't need
 split-tunnel-network-list value TEST-ACL ! don't need
 address-pools value VPN-POOL2
 webvpn
  url-list value XXX-XXX

Ryan

On Wed, Apr 29, 2009 at 2:29 PM, Justin Shore <justin at justinshore.com> wrote:
> I've got what's probably a simple question that I just can't figure out.
>
> Is there a trick for setting up a "full" tunnel client VPN profile (i.e., no
> split tunneling?) on a PIX or ASA running v7 or better? I used to do this
> on VPN 3000 Concentrators with ease but my searches on "cisco ASA ipsec
> client VPN full tunnel" aren't giving me anything useful. Is it called
> something else now? I know that I have to run v7.x or better to hairpin
> encrypted and unencrypted traffic in and out of the outside interface.
>
> I could experiment with the routes I hand out in a test profile but I'd
> rather get the official word on how to do this.
>
> Thanks
> Justin
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
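
Added example, not part of the original thread: an offline check that reports each group-policy's effective split-tunnel mode from saved "show running-config" text. It assumes sub-commands are indented as the ASA prints them and that a policy with no split-tunnel-policy line inherits from DfltGrpPolicy, whose default is tunnelall; the sample config, the FULL policy name and the addresses are constructed.

```python
import re

# Constructed sample: RAS keeps the post's split-tunnel lines, FULL omits them.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 split-tunnel-policy tunnelall
group-policy RAS internal
group-policy RAS attributes
 dns-server value 192.0.2.53
 vpn-tunnel-protocol IPSec
 split-tunnel-policy excludespecified
 split-tunnel-network-list value TEST-ACL
 address-pools value VPN-POOL2
group-policy FULL internal
group-policy FULL attributes
 vpn-tunnel-protocol IPSec
 address-pools value VPN-POOL2
"""

def parse_group_policies(config):
    """Map each group-policy name to its explicit split-tunnel settings."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the block
        elif current is not None:
            m = re.match(r"\s+split-tunnel-(policy|network-list value) (\S+)", line)
            if m:
                current[m.group(1).split()[0]] = m.group(2)
    return policies

def tunnel_mode(policies, name, default="DfltGrpPolicy"):
    """Explicit mode, else the default policy's, else tunnelall (assumed ASA default)."""
    for candidate in (name, default):
        mode = policies.get(candidate, {}).get("policy")
        if mode:
            return mode
    return "tunnelall"

def audit(config):
    """Return {policy name: effective split-tunnel mode}; tunnelall means full tunnel."""
    policies = parse_group_policies(config)
    return {name: tunnel_mode(policies, name) for name in policies}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Any policy reported as something other than tunnelall is sending part of the client's traffic outside the tunnel, including one that has no split-tunnel lines of its own but inherits them from DfltGrpPolicy.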