05-02-2007 07:40 AM - edited 02-21-2020 03:00 PM
Hi gents,
I have RA VPN configured. When mobile users try to connect with the Cisco VPN Client from different offices, they lose their LAN access. How can I keep the remote access users connected on both the VPN and LAN connections?
thanks
Leo
05-02-2007 07:51 AM
What device/version?
This is for PIX/ASA 7.
http://cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml
05-03-2007 05:57 AM
Hi,
I have 7.0.
But I found a different link.
http://cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
It gave me what I need.
With split tunneling, all RA users can use both LAN and tunnel.
Now I am trying to distinguish both samples.
From the samples I found:
"This document provides step-by-step instructions on how to allow Cisco VPN Clients to only access their local LAN while tunneled into a Cisco ASA 5500 Series Security Appliance or PIX 500 Series Security Appliance. An access list is used in order to allow local LAN access in much the same way that split tunneling is configured on the ASA. However, instead of defining which networks should be encrypted, the access list in this case defines which networks should not be encrypted. Also, unlike the split tunneling scenario, the actual networks in the list do not need to be known. Instead, the ASA supplies a default network of 0.0.0.0/255.255.255.255 which is understood to mean the local LAN of the VPN Client."
1. So the philosophy of split tunneling is "what should be sent to the tunnel", and other traffic (LAN, Internet) goes straight out.
2. Local LAN access is "what should not be sent to the tunnel"; you can indicate the LAN subnet. But Internet requests will go to the tunnel!?
Am I right?
05-03-2007 06:21 AM
Yes, the options for split-tunnel-policy are:
tunnelall - tunnel everything, no split tunnel
excludespecified - specify local LAN access with 0.0.0.0 in the ACL, no Internet access because only the local LAN subnet will be excluded
tunnelspecified - specify remote networks to tunnel, split tunnel Internet access
You can view the networks with your VPN client. While connected, go to Status -> Statistics -> Route Details. You will see "local lan routes" and "Secured routes".
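
The three policy options listed in the thread, modeled as an added example (not code from the thread or from Cisco): it decides, per destination, whether a client's traffic is encrypted or leaves outside the tunnel. The function names and all addresses are constructed for illustration, and the model covers only the route decision, not the appliance configuration.

```python
import ipaddress

# Placeholder entry quoted in the thread: it stands for the client's own LAN.
LOCAL_LAN_PLACEHOLDER = "0.0.0.0/255.255.255.255"


def route_for(policy, acl_networks, client_lan, destination):
    """Return 'tunnel' or 'local' for one destination address."""
    dest = ipaddress.ip_address(destination)
    lan = ipaddress.ip_network(client_lan)
    # Resolve the placeholder to the LAN the client is actually attached to.
    nets = [lan if entry == LOCAL_LAN_PLACEHOLDER else ipaddress.ip_network(entry)
            for entry in acl_networks]
    listed = any(dest in net for net in nets)

    if policy == "tunnelall":
        return "tunnel"                        # everything is encrypted
    if policy == "tunnelspecified":
        return "tunnel" if listed else "local"  # ACL = what to encrypt
    if policy == "excludespecified":
        return "local" if listed else "tunnel"  # ACL = what NOT to encrypt
    raise ValueError("unknown split-tunnel-policy: %s" % policy)


def outside_tunnel(policy, acl_networks, client_lan, destinations):
    """List the destinations that bypass the tunnel (and head-end inspection)."""
    return [d for d in destinations
            if route_for(policy, acl_networks, client_lan, d) == "local"]


# Constructed sample data: a branch-office client and three destinations.
CLIENT_LAN = "192.168.1.0/24"
CORP_SERVER = "10.0.1.20"      # behind the VPN head-end
LAN_PRINTER = "192.168.1.50"   # on the client's local LAN
INTERNET = "198.51.100.7"      # documentation range, stands for an Internet host
DESTS = [CORP_SERVER, LAN_PRINTER, INTERNET]

if __name__ == "__main__":
    cases = [
        ("tunnelall", []),
        ("tunnelspecified", ["10.0.1.0/255.255.255.0"]),
        ("excludespecified", [LOCAL_LAN_PLACEHOLDER]),
    ]
    for policy, acl in cases:
        print(policy, "->", outside_tunnel(policy, acl, CLIENT_LAN, DESTS))
```

With tunnelspecified the Internet host appears in the outside-the-tunnel list, which is the trade-off to weigh when Internet traffic from remote clients is expected to pass through the head-end.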