Hello, I have the following configuration:
Internet---- 131.153.x.222 outside[ASA 5505]inside 192.168.1.1---
My inside network is 192.168.1.0/24.
I configured the ASA 5505 to NAT internal clients to the outside, and I configured IPsec VPN access from the internet. VPN clients get an IP address in the range 192.168.1.200-192.168.1.210, and I configured a split tunnel so that only packets with destination 192.168.1.0/24 are tunneled; all the rest from the VPN client is not tunneled.
In this way users can access the 192.168.1.0/24 network via the VPN client and reach the whole internet unencrypted, outside the VPN (split tunnel).
But this is not what I want. I would like all users connected with the VPN client, which have been assigned an IP in the 192.168.1.200-192.168.1.210 range, to go to the outside world using the ASA as gateway. I do not want to use split tunnel. I would like a hairpinning configuration, so that users authenticated with the ASA VPN could both reach the inside network 192.168.1.0/24 and also the internet while always being inside the VPN and not using split tunnel.
I am not able to achieve this. If I use
split-tunnel-policy tunnelall
and also
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
nothing works anymore: clients connected in VPN can authenticate but cannot go on the internet and cannot contact the remote LAN 192.168.1.0/24, even if they are assigned an IP address in that subnet. I would like clients both to go on the internet and to reach subnet 192.168.1.0/24 while being connected to the ASA 131.153.x.222 via VPN. Is there a way to do so?
I could not find any help about this anywhere.
Thank you in advance.
RJ45