I cannot get split tunnel working on asa5510

Answered Question

I can connect using the Cisco VPN client and talk to the internal network. As soon as I connect to the VPN I cannot access the internet via the VPN tunnel or the local internet at the workstation. Attached is the config.


Any help would be much appreciated.





Correct Answer by gfullage (Cisco Employee), Mon, 12/12/2005 - 18:33

This is your problem:


access-list VPN_Tunnel_splitTunnelAcl standard permit any


group-policy VPN_Tunnel_1 attributes

   split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl


So you've defined a split tunnel access-list, but it says "permit any", which means encrypt all traffic. Your split tunnel ACL must specify the networks that you want encrypted, so change the ACL to something like:


access-list VPN_Tunnel_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0


The next time you connect you will only encrypt traffic for the 192.168.0.0/24 network. You can add more lines to your ACL if you want to tunnel more networks.
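The script below is an added example written for this page, not code from the thread or from Cisco. It scans ASA running-config text for the mistake the answer identifies (a split-tunnel network list whose entry is `permit any`, so every client destination is encrypted) and also flags a related case the answer does not discuss: a network list that the group-policy never applies because `split-tunnel-policy` is left at its ASA default of `tunnelall`, or is set to `excludespecified`, where the same list means the opposite. The two configs embedded in it are constructed to mirror the broken and the corrected state described above; the poster's attached config is not on the page, so nothing here is taken from it.

```python
"""Lint ASA split-tunnel settings: 'permit any' in the network list and
a network list the group-policy does not actually use as an include list.
Added example for this page; the configs below are constructed, not the
poster's attached config."""
import re
from dataclasses import dataclass
from typing import Optional

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+standard\s+(permit|deny)\s+(.+?)\s*$")
GP_RE = re.compile(r"^group-policy\s+(\S+)\s+attributes\s*$")
STP_RE = re.compile(r"^\s+split-tunnel-policy\s+(\S+)")
STL_RE = re.compile(r"^\s+split-tunnel-network-list\s+value\s+(\S+)")

# Spellings of "every destination" in an ASA standard ACL entry
MATCH_ALL = ("any", "any4", "0.0.0.0 0.0.0.0")


@dataclass
class GroupPolicy:
    name: str
    policy: str = "tunnelall"      # ASA default when split-tunnel-policy is not set
    acl: Optional[str] = None      # value of split-tunnel-network-list, if any


def parse_asa(config: str):
    """Return (acls, policies): ACL name -> [(action, target)], group-policy name -> GroupPolicy."""
    acls, policies, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            current = None
        elif m := GP_RE.match(line):
            current = policies.setdefault(m.group(1), GroupPolicy(m.group(1)))
        elif current is not None and line.startswith(" "):
            # indented line inside a 'group-policy ... attributes' block
            if m := STP_RE.match(line):
                current.policy = m.group(1)
            elif m := STL_RE.match(line):
                current.acl = m.group(1)
        else:
            current = None         # any other top-level line closes the attributes block
    return acls, policies


def check_split_tunnel(config: str) -> list:
    """Return findings as strings; an empty list means every split-tunnel list is sane."""
    acls, policies = parse_asa(config)
    findings = []
    for gp in policies.values():
        if gp.acl is None:
            continue               # no split tunnelling configured for this policy
        if gp.policy == "tunnelall":
            findings.append(f"{gp.name}: split-tunnel-policy is tunnelall (the default), "
                            f"so network list {gp.acl} is ignored")
        elif gp.policy == "excludespecified":
            findings.append(f"{gp.name}: {gp.acl} is an exclude list here, "
                            f"not the set of networks that get encrypted")
        entries = acls.get(gp.acl)
        if entries is None:
            findings.append(f"{gp.name}: split-tunnel-network-list {gp.acl} is not defined")
            continue
        for action, target in entries:
            if action == "permit" and target in MATCH_ALL:
                findings.append(f"{gp.name}: {gp.acl} has 'permit {target}', "
                                f"which tunnels all client traffic")
    return findings


# Constructed configs (assumed, not the poster's): the state the answer diagnoses
# and the state after applying its fix.
BROKEN = """\
access-list VPN_Tunnel_splitTunnelAcl standard permit any
group-policy VPN_Tunnel_1 internal
group-policy VPN_Tunnel_1 attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl
"""

FIXED = BROKEN.replace("standard permit any",
                       "standard permit 192.168.0.0 255.255.255.0")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_split_tunnel(cfg) or "OK")
```

Run it against `show running-config` output saved to a file; the parser only needs the `access-list ... standard` lines and the `group-policy ... attributes` blocks, so the rest of the config can stay in place. The `tunnelall` check matters because the ASA silently ignores the network list unless `split-tunnel-policy tunnelspecified` is set, which looks identical to the `permit any` symptom from the client side.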
