Unanswered Question
May 2nd, 2007
User Badges:

Hi gents,

I have RA VPN configured. When mobile users are trying to access with Cisco VPN Client from different offices, they loose their lan access. How can i keep the remote access users connected both on the VPN and LAN connections?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Leo_Stobbe Thu, 05/03/2007 - 05:57
User Badges:


I have 7.0

But i found the different link.


It gave me what i need.

With the split-tunneling all RA users can use both LAN and tunnel..

Now i am trying to distinguish both samples.

From samples i found:

"This document provides step-by-step instructions on how to allow Cisco VPN Clients to only access their local LAN while tunneled into a Cisco ASA 5500 Series Security Appliance or PIX 500 Series Security Appliance. An access list is used in order to allow local LAN access in much the same way that split tunneling is configured on the ASA. However, instead of defining which networks should be encrypted, the access list in this case defines which networks should not be encrypted. Also, unlike the split tunneling scenario, the actual networks in the list do not need to be known. Instead, the ASA supplies a default network of which is understood to mean the local LAN of the VPN Client."

1.So the philosophy of split-tunneling - "what should send to tunnel" and other traffic - LAN, internet goes straight away.

2.Local Lan Access - "what should not sent to tunnel" you can indicate LAN subnet. But Internet requests will go to tunnel!?

I am right?

acomiskey Thu, 05/03/2007 - 06:21
User Badges:
  • Green, 3000 points or more

Yes, the options for split-tunnel-policy are

tunnelall - tunnel everything, no split tunnel

excludespecified - specify local lan access with in acl, no internet access because only local lan subnet will be excluded

tunnelspecified - specify remote networks to tunnel, split tunnel internet access

You can view the networks with your vpn client. While connected go to Status -> Statistics -> Route Details. You will see "local lan routes" and "Secured routes".


This Discussion