VPN
Configuring IPsec Remote Access
Cisco ISA500 Series Integrated Security Appliances Administration Guide 360
8
NOTE: The backup servers that you specified on the IPsec VPN server will
be sent to remote VPN clients when initiating the VPN connections. The
remote VPN clients will cache them.
Split Tunnel: Click On to enable the split tunneling feature, or click Off to
disable it. With split tunneling, only traffic that matches the VPN client
routes is sent to corporate resources through the VPN tunnel. If you enable
split tunneling, you need to define the split subnets. To add a subnet, enter
the IP address and netmask in the Protected Network and Netmask fields and
click Add. To delete a subnet, select it from the list and click Delete.
Split DNS: Split DNS directs DNS packets in clear text through the VPN
tunnel to domains served by the corporate DNS. To add a domain, enter the
Domain name that should be resolved by your network’s DNS server, and
then click Add. To delete a domain, select it from the list and click Delete.
NOTE: To use Split DNS, you must also enable the split tunneling feature and
specify the domains. The Split DNS feature supports up to 10 domains.
STEP 6 Click OK to save your settings.
STEP 7 Click Save to apply your settings.
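The Split Tunnel and Split DNS settings above can be modeled as a small decision function for reviewing a planned configuration before entering it. This is an added example, not code from Cisco or the ISA500; the class name, sample subnet and sample domain are constructed, and both the suffix matching on DNS label boundaries and the full-tunnel behavior when Split Tunnel is Off are assumptions.

```python
import ipaddress

MAX_SPLIT_DNS_DOMAINS = 10  # limit stated in the NOTE above


class SplitPolicy:
    """Model of the Split Tunnel / Split DNS fields (hypothetical class)."""

    def __init__(self, split_tunnel, subnets=(), dns_domains=()):
        # subnets: (IP address, netmask) pairs, as typed into the
        # Protected Network and Netmask fields
        self.split_tunnel = split_tunnel
        self.subnets = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
                        for ip, mask in subnets]
        self.dns_domains = [d.lower().strip(".") for d in dns_domains]
        if self.dns_domains and not split_tunnel:
            raise ValueError("Split DNS requires split tunneling to be On")
        if len(self.dns_domains) > MAX_SPLIT_DNS_DOMAINS:
            raise ValueError("Split DNS supports up to 10 domains")
        if split_tunnel and not self.subnets:
            raise ValueError("split tunneling needs at least one split subnet")

    def route_for(self, dest_ip):
        """Return 'tunnel' or 'direct' for a destination address."""
        if not self.split_tunnel:
            return "tunnel"  # assumption: Off means all traffic is tunneled
        addr = ipaddress.ip_address(dest_ip)
        return "tunnel" if any(addr in n for n in self.subnets) else "direct"

    def resolver_for(self, name):
        """Return 'corporate' if Split DNS steers the query, else 'default'."""
        q = name.lower().strip(".")
        # Assumption: match whole labels, so notcorp.example.com does not
        # match the split domain corp.example.com
        hit = any(q == d or q.endswith("." + d) for d in self.dns_domains)
        return "corporate" if hit else "default"


# Constructed sample values, not taken from the guide.
policy = SplitPolicy(True,
                     subnets=[("10.10.0.0", "255.255.0.0")],
                     dns_domains=["corp.example.com"])
```

Any destination that returns "direct" leaves the client outside the tunnel, so the split subnet list determines which traffic the appliance can see and filter.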
Allowing IPsec Remote VPN Clients to Access the Internet
Enabling Client Internet Access will automatically create advanced NAT rules to
allow remote VPN clients to access the Internet over the VPN tunnels. This section
provides an example of manually configuring advanced NAT rules to allow remote
VPN clients to access the Internet over the VPN tunnels.
STEP 1 Assume that you enable the IPsec Remote Access feature and create a group
policy as follows:
Field                        Setting
Group Name                   VPNGroup1
WAN Interface                WAN1
IKE Authentication Method    Pre-shared key