Hi Justin: -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin Shore Sent: Wednesday, April 29, 2009 11:30 AM To: 'Cisco-nsp' Subject: [c-nsp] PIX/ASA full tunnel for clients
I've got what's probably a simple question that I just can't figure out. Is there a trick for setting up a "full" tunnel client VPN profiles (ie, no split tunneling?) on a PIX or ASA running v7 or better? I used to do this on VPN 3000 Concentrators with ease but my searches on "cisco ASA ipsec client VPN full tunnel" isn't giving me anything useful. Is it called something else now? I know that I have to run v7.x or better to hairpin encrypted and unencrypted traffic in and out of the outside interface. I could experiment with the routes I hand out in a test profile but I'd rather get the official word on how to do this. Thanks Justin [Michael K. Smith - Adhost] On the ASA you have to do the change in the group-policy settings: group-policy <group-name> attributes split-tunnel-policy tunnelall Regards, Mike _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/