Split tunneling

k.ramalingam
Level 1

Hi Expert,

I have a requirement which asks for tunneling all traffic from the VPN client except for 3 public IP addresses. The client VPN terminates on an ASA 5510 version 7.2(4).

The configuration I tried is as below:

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.210

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.222

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 203.2.190.222

group-policy BartterPolicy attributes

wins-server value 10.1.0.63 10.3.0.1

dns-server value 10.1.0.63 10.3.0.1

vpn-tunnel-protocol IPSec

split-tunnel-policy excludespecified

split-tunnel-network-list value exclude_1

But from the stats - route details it still shows 0.0.0.0 in the secure routes, which means tunnel all traffic.

Any idea why this is happening? Thanks in advance.

5 Replies

andrew.prince
Level 10

What version of code are you running?

Try a different approach:

split-tunnel-policy tunnelspecified

split-tunnel-network-list value exclude_1

access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.210

access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.222

access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 203.2.190.222

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 any

HTH

No luck. With this, all internal access is not working but Internet access works with any restriction.

Post the relevant config for review.

The checkbox on the client for allow local LAN needs to be checked.

srikantganesh
Level 1

Under the split tunneling access list, try adding the IP of the gateway on the remote client side.

Also enable split DNS.
