05-28-2009 11:46 AM
Hello Forum,
I'm having an issue with RA VPN and split tunneling. Our company doesn't allow split tunneling.
I have the following....
ASA 5520 - ASA Version - 8.0(3)
Group Policies are defined for different groups. For my test group, I thought I disabled split tunneling, but they are still able to surf the net.
For Split Tunneling Policy...
Inherit is unchecked
I have "Tunnel Network List Below"
Testing_splitTunnelAcl is my acl. I have a bunch of host IPs in the list. I don't have any or 0.0.0.0 in the list.
But they can still surf the net.
I would like to block access to net. No hairpinning or internet u-turns.
How do I do this?
Any help greatly appreciated.
Regards,
05-30-2009 09:00 AM
What does your Testing_splitTunnelAcl have?
To disable split tunneling, your Testing_splitTunnelAcl should only have this...
!
access-list Testing_splitTunnelAcl standard permit any
!
...which means all traffic will be encrypted and will be sent to the ASA no matter what. If you add any IP address, only traffic destined to the IP addresses in the list will be encrypted and sent to the ASA; everything else will go to the internet from the client.
It may be confusing but try and see what happens.
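An added example, not part of the thread and not Cisco's code: a Python audit that reads an ASA running-config excerpt and reports, per group policy, whether a split-tunnel policy is in effect and whether hairpinning (`same-security-traffic permit intra-interface`) is enabled on the ASA. The function name `audit_split_tunnel`, the `FullTunnel` and `Inheriting` policies and the host addresses are constructed for illustration; it assumes a policy without its own `split-tunnel-policy` line inherits from `DfltGrpPolicy`, whose default is `tunnelall`.

```python
import re

# Constructed sample excerpt; addresses and all policy names but Testing are made up.
SAMPLE_CONFIG = """\
access-list Testing_splitTunnelAcl standard permit host 10.1.1.10
access-list Testing_splitTunnelAcl standard permit host 10.1.1.11
same-security-traffic permit intra-interface
group-policy Testing internal
group-policy Testing attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Testing_splitTunnelAcl
group-policy FullTunnel attributes
 split-tunnel-policy tunnelall
group-policy Inheriting attributes
 vpn-idle-timeout 30
"""

def audit_split_tunnel(config):
    """Return (per-policy findings, hairpin_enabled) for ASA config text."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"access-list (\S+) standard permit (.+)", line):
            acls.setdefault(m[1], []).append(m[2].strip())
        elif m := re.match(r"group-policy (\S+) attributes", line):
            current = policies.setdefault(m[1], {"mode": None, "acl": None})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the attributes block
        elif current is not None:
            if m := re.match(r" split-tunnel-policy (\S+)", line):
                current["mode"] = m[1]
            elif m := re.match(r" split-tunnel-network-list value (\S+)", line):
                current["acl"] = m[1]
    # Assumption: unset attributes inherit from DfltGrpPolicy (default tunnelall).
    default = (policies.get("DfltGrpPolicy") or {}).get("mode") or "tunnelall"
    findings = {}
    for name, p in policies.items():
        mode = p["mode"] or default
        split = mode != "tunnelall"  # tunnelspecified or excludespecified
        findings[name] = {"mode": mode, "inherited": p["mode"] is None, "split": split,
                          "networks": acls.get(p["acl"], []) if split else []}
    # Hairpinning lets tunneled client traffic turn around on the same interface.
    hairpin = "\nsame-security-traffic permit intra-interface" in "\n" + config
    return findings, hairpin

if __name__ == "__main__":
    report, hairpin = audit_split_tunnel(SAMPLE_CONFIG)
    for name, finding in report.items():
        print(name, finding, "hairpin:", hairpin)
```

A policy reported with `split: True` leaves some traffic outside the tunnel, and `hairpin: True` means the ASA permits traffic to turn around on one interface, which is the u-turn the original question wants to rule out.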
06-01-2009 05:39 AM
My split tunnel ACL has only IP addresses that I want to allow. I don't want to allow them access to the internet via split tunnel or tunneled.