05-20-2009 06:26 PM - edited 03-11-2019 08:34 AM
Hi Expert,
I have a requirement which asks for tunneling all traffic from the VPN client except for 3 public IP addresses. The client VPN terminates on an ASA 5510, version 7.2(4).
The configuration I tried is as below:
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.210
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.222
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 203.2.190.222
group-policy BartterPolicy attributes
wins-server value 10.1.0.63 10.3.0.1
dns-server value 10.1.0.63 10.3.0.1
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value exclude_1
but from the stats - route details it still shows 0.0.0.0 in the secure routes, which means tunnel all traffic.
Any idea why this is happening? Thanks in advance.
05-21-2009 03:35 AM
What version of code are you running?
Try a different approach:
split-tunnel-policy tunnelspecified
split-tunnel-network-list value exclude_1
access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.210
access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.222
access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 203.2.190.222
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 any
HTH
05-21-2009 07:34 PM
No luck. With this, all internal access is not working, but Internet access works with any restriction.
05-21-2009 10:34 PM
Post the relevant config for review.
06-04-2009 11:07 AM
The checkbox on the client for "allow local LAN" needs to be checked.
06-09-2009 12:29 PM
Under the split-tunneling access list, try adding the IP of the gateway on the remote client side.
Also enable split DNS.
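The thread contrasts two split-tunnel policies (excludespecified with permit entries versus tunnelspecified with deny entries) and then points at the client's "allow local LAN" checkbox. The following is an added example, not from any poster and not Cisco code: a small Python model of what routes a VPN client ends up with for each policy, built from the ACL lines quoted above. It assumes, as simplifications to verify against the ASA documentation for your release, that the ASA pushes the destination field of an extended ACE (or the network of a standard ACE), that deny entries in a split-tunnel list are ignored, and that networks excluded under excludespecified only take effect on the client as local-LAN routes when local LAN access is allowed.

```python
import ipaddress

# ACL lines as quoted in the thread (original poster's list and the reply's variant).
OP_ACL = [
    "access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.210",
    "access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.222",
    "access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 203.2.190.222",
]
REPLY_ACL = [
    "access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.210",
    "access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.222",
    "access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 203.2.190.222",
    "access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 any",
]


def _parse_addr(tokens, i):
    """Parse one ASA address spec ('any', 'host A.B.C.D', or 'NET MASK') at tokens[i].
    Returns (ip_network, index of the next token)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line):
    """Parse one 'access-list NAME {standard|extended} ...' line into (name, action, network).
    For extended entries the destination field is taken as the split-tunnel network
    (assumption: see lead-in)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    name, kind, action = t[1], t[2], t[3]
    if kind == "standard":
        net, _ = _parse_addr(t, 4)
    elif kind == "extended":
        _, i = _parse_addr(t, 5)      # t[4] is the protocol keyword; skip source
        net, _ = _parse_addr(t, i)    # destination
    else:
        raise ValueError(f"unknown ACL type: {kind}")
    return name, action, net


def client_routes(policy, acl_lines, allow_local_lan=True):
    """Model the routes a client installs for a split-tunnel policy and its network list.
    Returns (secured_routes, local_routes) as lists of CIDR strings.
    Assumption: deny entries are ignored, only permit entries are pushed."""
    default = "0.0.0.0/0"
    permitted = [str(net) for _, action, net in map(parse_ace, acl_lines) if action == "permit"]
    if policy == "tunnelall":
        return [default], []
    if policy == "tunnelspecified":
        return permitted, []
    if policy == "excludespecified":
        # Everything is secured; exclusions become local-LAN routes only if the client allows it.
        return [default], (permitted if allow_local_lan else [])
    raise ValueError(f"unknown split-tunnel policy: {policy}")


def is_tunneled(dst, secured, local):
    """Longest-prefix decision: does traffic to dst go into the tunnel?"""
    ip = ipaddress.ip_address(dst)
    best = None  # (prefixlen, tunneled)
    for routes, tunneled in ((secured, True), (local, False)):
        for r in routes:
            net = ipaddress.ip_network(r)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, tunneled)
    return best is not None and best[1]


if __name__ == "__main__":
    for policy, acl, local_ok in (("excludespecified", OP_ACL, True),
                                  ("excludespecified", OP_ACL, False),
                                  ("tunnelspecified", REPLY_ACL, True)):
        sec, loc = client_routes(policy, acl, local_ok)
        print(policy, "allow_local_lan=%s" % local_ok)
        print("  secured:", sec)
        print("  local  :", loc)
        print("  202.3.10.210 tunneled:", is_tunneled("202.3.10.210", sec, loc))
```

Run as a script, the model shows why the original poster saw 0.0.0.0 under secured routes: with excludespecified that is expected, and the three hosts only bypass the tunnel once the client honours them as local-LAN routes. It also shows that the tunnelspecified variant with a trailing "permit ... any" collapses back to a single 0.0.0.0/0 secured route under the deny-entries-ignored assumption.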