Cisco VPN Client One Way Traffic

exonetinf1nity
Level 1

Greetings, I'm having problems with Remote Access connections to a Cisco ASA 5510 v8.0.3(19). I have set up the required connection profile, transform set, crypto map and split tunnel ACL, specified traffic to be exempt from NAT and enabled NAT-T.

I can successfully establish a VPN connection and can ping the inside address of the firewall but nothing within the internal subnet beyond the firewall.

I've read several technotes on Cisco that suggest NAT-T issues and not specifying protected traffic, but can't seem to pinpoint an issue. I have also tried several versions of the Cisco VPN Client.

Any suggestions would be much appreciated.

Regards

3 Replies

JORGE RODRIGUEZ
Level 10

Problem could be ACLs; double check your NAT exempt access list. Could you provide a sanitized ASA config?

Rgds

Jorge

Jorge Rodriguez

Please find the config below. I've also had a look at the logs, which don't show any hits against the split tunnel ACL.

: Saved
:
ASA Version 8.0(3)19
!
hostname it-fw-5510
!
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address ***.***.***.*** 255.255.255.240
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.997
 vlan 997
 nameif demo
 security-level 100
 ip address 172.27.255.1 255.255.255.0
!
interface Ethernet0/1.998
 vlan 998
 nameif guest
 security-level 25
 ip address 172.30.255.1 255.255.255.0
!
interface Ethernet0/2
 speed 100
 duplex full
 nameif access
 security-level 100
 ip address 172.29.255.1 255.255.255.0
!
interface Ethernet0/3
 speed 100
 duplex full
 nameif voice
 security-level 100
 ip address 172.28.255.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.255.1 255.255.255.0
 management-only
!
same-security-traffic permit inter-interface
access-list ITTelco_Rmt_splitTunnelAcl standard permit 172.29.255.0 255.255.255.0
access-list exempt_nat0_outbound extended permit ip 172.24.0.0 255.248.0.0 172.24.0.0 255.248.0.0
nat-control
global (outside) 1 interface
global (outside) 2 guestoutbound
nat (demo) 0 access-list exempt_nat0_outbound
nat (guest) 2 172.30.255.0 255.255.255.0
nat (access) 0 access-list exempt_nat0_outbound
nat (access) 1 172.29.255.0 255.255.255.0
nat (voice) 0 access-list exempt_nat0_outbound
nat (voice) 1 172.28.255.0 255.255.255.0
access-group outside_access_in in interface outside
dynamic-access-policy-record DfltAccessPolicy
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign local
group-policy ITTelco_Rmt internal
group-policy ITTelco_Rmt attributes
 wins-server value 172.29.255.25
 dns-server value 172.29.255.25
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ITTelco_Rmt_splitTunnelAcl
 default-domain value
tunnel-group ITTelco_Rmt type remote-access
tunnel-group ITTelco_Rmt general-attributes
 authentication-server-group LDAP
 default-group-policy ITTelco_Rmt
 dhcp-server it-bir-fap-int
tunnel-group ITTelco_Rmt ipsec-attributes
 pre-shared-key *
!

exonetinf1nity
Level 1

Issue has been resolved by enabling proxy ARP on the inside interface. Very puzzled by this one, but all working again :)
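The two conditions the thread turns on, the nat 0 exemption for the split-tunnel network and the proxy ARP requirement when VPN clients receive addresses out of the inside subnet, as an added Python check that is not part of the thread or of any Cisco tool. The config excerpt is constructed from the posted config; the client pool subnets passed in are assumed, since the posted config hands addresses out via an external DHCP server.

```python
import ipaddress
import re

# Constructed excerpt of the ASA config posted above; the full config can be pasted here.
ASA_CONFIG = """\
interface Ethernet0/2
 nameif access
 ip address 172.29.255.1 255.255.255.0
access-list ITTelco_Rmt_splitTunnelAcl standard permit 172.29.255.0 255.255.255.0
access-list exempt_nat0_outbound extended permit ip 172.24.0.0 255.248.0.0 172.24.0.0 255.248.0.0
nat (access) 0 access-list exempt_nat0_outbound
nat (access) 1 172.29.255.0 255.255.255.0
group-policy ITTelco_Rmt attributes
 split-tunnel-network-list value ITTelco_Rmt_splitTunnelAcl
"""

def net(addr, mask):
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect interface subnets, ACL entries, nat 0 bindings and the split-tunnel list name."""
    ifaces, std, ext, nat0, split_name, cur = {}, {}, {}, {}, None, None
    for line in config.splitlines():
        if m := re.match(r"^\s*nameif (\S+)", line):
            cur = m.group(1)
        elif m := re.match(r"^\s*ip address (\S+) (\S+)", line):
            ifaces[cur] = net(*m.groups())
        elif m := re.match(r"^access-list (\S+) standard permit (\S+) (\S+)", line):
            std.setdefault(m.group(1), []).append(net(m.group(2), m.group(3)))
        elif m := re.match(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", line):
            ext.setdefault(m.group(1), []).append((net(m.group(2), m.group(3)), net(m.group(4), m.group(5))))
        elif m := re.match(r"^nat \((\S+)\) 0 access-list (\S+)", line):
            nat0[m.group(1)] = m.group(2)
        elif m := re.match(r"^\s*split-tunnel-network-list value (\S+)", line):
            split_name = m.group(1)
    return ifaces, std.get(split_name, []), ext, nat0

def check_vpn_reachability(config, client_pool):
    """Findings for one assumed client pool: each split-tunnel network must be NAT-exempt
    towards the pool on its owning interface, and a pool inside that interface's subnet
    needs proxy ARP there so internal hosts can resolve the client addresses."""
    ifaces, split, ext, nat0 = parse(config)
    pool, findings = ipaddress.IPv4Network(client_pool), []
    for target in split:
        owner = next((n for n, s in ifaces.items() if target.subnet_of(s)), None)
        entries = ext.get(nat0.get(owner), [])
        if not any(target.subnet_of(s) and pool.subnet_of(d) for s, d in entries):
            findings.append(f"{target}: no nat 0 exemption towards {pool} on interface {owner}")
        if owner and pool.overlaps(ifaces[owner]):
            findings.append(f"{pool}: inside '{owner}' subnet {ifaces[owner]}, proxy ARP required")
    return findings
```

With a pool carved out of 172.29.255.0/24 the only finding is the proxy ARP one, which matches the fix reported in the thread; a pool outside 172.24.0.0/13 instead trips the nat 0 check.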
