Split Tunnel with Remote Access VPN

Unanswered Question
May 14th, 2009

Hi all,

I have a remote VPN to an ASA 5510 and I want to enable the split tunnel so the VPN client can access its own LAN as well when connected with VPN.

I have made the policies as described by Cisco, but nada!!!!

It is not working. I mean VPN works fine, but the local LAN access does not.

I am attaching the config!

group-policy RMTVPN internal
group-policy RMTVPN attributes
 split-tunnel-policy excludespecified

default-group-policy RMTVPN

group-policy RMTVPN internal
group-policy RMTVPN attributes
 vpn-idle-timeout 30
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Local_LAN_Access

username test_RA password CXgT6kaftedu5zxk encrypted
username test_RA attributes
 vpn-idle-timeout 30

tunnel-group RMTVPN type ipsec-ra
tunnel-group RMTVPN general-attributes
 address-pool vpnpool
 default-group-policy RMTVPN

access-list Local_LAN_Access standard permit host

Could there be some conflict in the policies?



jjohnston1127 Thu, 05/14/2009 - 07:05

Here is how I deploy split tunnel VPNs.

1. Change the split tunnel policy to tunnelspecified.

2. Create a standard access-list called splittunnel.

3. Add the IP subnets that you need to be able to access through the VPN to access-list splittunnel.

access-list splittunnel standard permit (where = an IP subnet you need access to. Repeat that for every subnet.)

group-policy RMTVPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
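
A small lint for the split-tunnel settings discussed in this thread, added here as an example and not part of either post or of any Cisco tooling: it merges repeated group-policy stanzas and flags a tunnelspecified or excludespecified policy whose network list is missing, undefined, or contains an entry with no address. The STAFF policy, the 192.0.2.0/24 subnet and the rules themselves are assumptions of this example, and it only checks that address tokens are present, not that they are valid.

```python
# Constructed sample modelled on the configs in this thread. STAFF and the
# 192.0.2.0/24 subnet are placeholders, not values from the original posts.
SAMPLE = """\
group-policy RMTVPN internal
group-policy RMTVPN attributes
 split-tunnel-policy excludespecified
group-policy RMTVPN attributes
 split-tunnel-network-list value Local_LAN_Access
access-list Local_LAN_Access standard permit host
group-policy STAFF attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
access-list splittunnel standard permit 192.0.2.0 255.255.255.0
"""

def _entry_ok(tokens):
    """True for 'any', 'host <ip>' or '<ip> <mask>' after 'permit'."""
    return tokens in (["any"], ["any4"]) or len(tokens) == 2

def audit_split_tunnel(config):
    """Return (group_policy, finding) tuples for split-tunnel settings."""
    policies, acls, current = {}, {}, None
    for words in (line.split() for line in config.splitlines()):
        if not words:
            continue
        if words[0] == "group-policy":
            # Repeated "attributes" stanzas for one name merge into one policy.
            current = policies.setdefault(words[1], {}) if words[-1] == "attributes" else None
        elif words[0] in ("access-list", "tunnel-group", "username"):
            current = None  # a new top-level command ends the stanza
            if words[0] == "access-list" and words[2:4] == ["standard", "permit"]:
                acls.setdefault(words[1], []).append(_entry_ok(words[4:]))
        elif current is not None and words[0] == "split-tunnel-policy" and len(words) == 2:
            current["mode"] = words[1]
        elif current is not None and words[:2] == ["split-tunnel-network-list", "value"] and len(words) == 3:
            current["acl"] = words[2]
    findings = []
    for name, pol in sorted(policies.items()):
        acl = pol.get("acl")
        if pol.get("mode") not in ("tunnelspecified", "excludespecified"):
            continue  # tunnelall or unset: no network list is consulted
        if acl is None:
            findings.append((name, "no split-tunnel-network-list"))
        elif acl not in acls:
            findings.append((name, f"ACL {acl} is not defined"))
        elif not all(acls[acl]):
            findings.append((name, f"ACL {acl} has an incomplete entry"))
    return findings
```

Run it over the output of `show running-config` saved to a file; an empty list means every split-tunnel policy points at a defined ACL with complete entries.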

