
Split-Tunneling Question

thomas.reiling
Level 1

I added the commands to my config to enable split tunneling. Now I can access the Internet while VPN'd in but not the network. I've attached a sanitized config. Can you please let me know where it is wrong? Thank you.


kagodfrey
Level 3

Hi Thomas

It's difficult to say for sure without knowing what was originally behind the xxx'd out address, but as you have xxx'd out your outside address as well I wonder whether your split tunnel ACL is correct? Split tunnel "permit"s should be configured to allow data from the VPN client's IP address range across the VPN to the desired internal destination, therefore it should be permitting your inside network. The VPN client will then send traffic destined for your internal network down the VPN and route other traffic out of the VPN user's internet connection as normal.

HTH

Kev

Thanks, Kev. What was behind the original xxx's is the private network address that my pc has before I fire up the tunnel. It's a 10.x.x.x address.

Hi Thomas

That will most likely be it then. The ACL should be in the form permit ip inside_subnet inside_mask vpnIPrange_subnet vpnIPrange_mask. In your case that would be:

access-list SPLIT-TUNNEL permit ip 192.168.41.0 255.255.255.0 192.168.46.0 255.255.255.0

and with that you should be able to access your internal network via the VPN whilst still being able to access the internet locally.

HTH

Kev
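
A small checker for the ACL form described in the reply above, added here as an example and not part of the original thread. It takes the inside network (192.168.41.0/24) and VPN pool (192.168.46.0/24) from the ACL line quoted above; the function names and the faulty `BROKEN` entry with a 10.1.1.0 source are constructed for illustration.

```python
import ipaddress

def parse_acl(line):
    """Parse 'access-list NAME ACTION ip SRC SRC_MASK DST DST_MASK'."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    # ip_network accepts dotted netmasks; strict=False tolerates host bits
    src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
    dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
    return tok[1], tok[2], src, dst

def check_split_tunnel(acl_lines, inside, vpn_pool):
    """Return (covered, findings) for a split-tunnel ACL.

    covered is True when at least one permit entry has the inside network
    as source and the VPN client pool as destination.
    """
    inside_net = ipaddress.ip_network(inside)
    pool_net = ipaddress.ip_network(vpn_pool)
    findings, covered = [], False
    for line in acl_lines:
        name, action, src, dst = parse_acl(line)
        if action != "permit":
            continue
        if src.overlaps(pool_net) and dst.overlaps(inside_net):
            findings.append(f"{name}: source and destination are reversed ({src} -> {dst})")
        elif not src.overlaps(inside_net):
            findings.append(f"{name}: source {src} is not the inside network {inside_net}")
        elif not dst.overlaps(pool_net):
            findings.append(f"{name}: destination {dst} is not the VPN pool {pool_net}")
        else:
            covered = True
    if not covered:
        findings.append(f"no permit entry sends {inside_net} through the tunnel")
    return covered, findings

# Constructed sample input: a faulty entry using a client-side 10.x source,
# and the corrected entry from the thread.
BROKEN = ["access-list SPLIT-TUNNEL permit ip 10.1.1.0 255.255.255.0 192.168.46.0 255.255.255.0"]
FIXED = ["access-list SPLIT-TUNNEL permit ip 192.168.41.0 255.255.255.0 192.168.46.0 255.255.255.0"]

if __name__ == "__main__":
    for label, acl in (("broken", BROKEN), ("fixed", FIXED)):
        ok, notes = check_split_tunnel(acl, "192.168.41.0/24", "192.168.46.0/24")
        print(label, "OK" if ok else "FAIL")
        for note in notes:
            print("  ", note)
```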
