07-07-2007 10:05 PM - edited 03-11-2019 03:41 AM
Hi all
We have a vpn site-to-site with our partner company, we are the vpn client and they are the vpn server because we have 4 pcs that have been configured through our ASA 5505 firewall so that the 4 pcs can access to our partner company remotely. OK here is my question:
If I want to use the function of split tunneling so that the 4 pcs can access the remote site and also access to the internet and our network at the same time. The cofiguration for split tunneling has to be done on the remote site not on the client site, is it correct?
Any help would be much appreciated.
Cheers
07-08-2007 02:56 AM
Hi .. yes that is correct .. on the client you only configure general values such vpn server ip address, group name and pre-shared key (additional username and password if using extended authentication). when the vpn client contacts the vpn server and these parameters are successfully negotiated, then the vpn server pushes the rest of the configuration to the vpn client.
In summary those changes need to be performed at the vpn server site. Assuming you already have Internet access from behind your ASA5505 when the tunnel is not active .. then no further changes need to be performed on your firewall.
I hope it helps ... please rte it if it does !!!
07-08-2007 03:01 PM
Thanks a lot for your reply.
So if I want to configure the split tunneling it has to be done on the remote or VPN server.
Hhhuummm!!! it is not in my control. I have to contact the IT guy from the VPN server.
I thought since site-to-site VPN we can do at both ends.
Anyway once again thanks a lot for your help.
07-09-2007 04:49 AM
If this is a site-to-site VPN, just look at how your crypto ACL's are configured on your 5505. Only the traffic defined by those will go across the tunnel, everything else exits the ASA per the device policy.
If you are using EZVPN, then yes, split tunneling is controlled at the other site.
07-10-2007 02:22 AM
Hi
yes it is site-to-site VPN, so you are saying I could do the split tunneling from my end to allow those 4 pcs to have both access i.e. internet and resourse from the remote VPN. Please confirm it, so that I can do research how to configure Split tunneling on site-to-site VPN.
Thanks a lot
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: