Allowing Ipsec Remote Vpn Clients To Access The Internet - Cisco ISA550 Administration Manual

VPN
Configuring IPsec Remote Access
STEP 6
STEP 7
STEP 1
Cisco ISA500 Series Integrated Security Appliances Administration Guide
NOTE: The backup servers that you specified on the IPsec VPN server will
be sent to remote VPN clients when initiating the VPN connections. The
remote VPN clients will cache them.
• Split Tunnel: Click On to enable the split tunneling feature, or click Off to
disable it. Split tunneling allows only traffic that is specified by the VPN client
routes to corporate resources through the VPN tunnel. If you enable split
tunneling, you need to define the split subnets. To add a subnet, enter the IP
address and netmask in the Protected Network and Netmask fields and
click Add. To delete a subnet, select it from the list and click Delete.
• Split DNS: Split DNS directs DNS packets in clear text through the VPN
tunnel to domains served by the corporate DNS. To add a domain, enter the
Domain name that should be resolved by your network's DNS server, and
then click Add. To delete a domain, select it from the list and click Delete.
NOTE: To use Split DNS, you must also enable the split tunneling feature and
specify the domains. The Split DNS feature supports up to 10 domains.
Click OK to save your settings.
Click Save to apply your settings.

Allowing IPsec Remote VPN Clients to Access the Internet

Enabling Client Internet Access will automatically create advanced NAT rules to
allow remote VPN clients to access the Internet over the VPN tunnels. This section
provides an example on manually configuring advanced NAT rules to allow remote
VPN clients to access the Internet over the VPN tunnels.
Assuming that you enable the IPsec Remote Access feature and create a group
policy as follows:
Field
Group Name
WAN Interface
IKE Authentication
Method
Setting
VPNGroup1
WAN1
Pre-shared key
8
310