Solved: I cannot get split tunnel working on asa5510

dazford · ‎12-09-2005

I can connect using the cisco vpn client and talk to the internal network. As soon as i connect to the vpn i cannot access the internet via the vpn tunnel or the local internet at the workstation. Attatched is the config.

Any help would be much appreciated.

gfullage · ‎12-12-2005

This is your problem:

access-list VPN_Tunnel_splitTunnelAcl standard permit any

group-policy VPN_Tunnel_1 attributes

split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl

So you've defined a split tunnel access-list, but it says "permit any" which means encrypt all traffic. your split tunnel ACL must specify the networks that you want encrypted, so change the ACL to something like:

access-list VPN_Tunnel_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0

The next time you connect you will only encrypt traffic for the 192.168.0.0/24 network. You can add more lines to your ACL if you want to tunnel more networks.

View solution in original post

gfullage · ‎12-12-2005

This is your problem:

access-list VPN_Tunnel_splitTunnelAcl standard permit any

group-policy VPN_Tunnel_1 attributes

split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl

So you've defined a split tunnel access-list, but it says "permit any" which means encrypt all traffic. your split tunnel ACL must specify the networks that you want encrypted, so change the ACL to something like:

access-list VPN_Tunnel_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0

The next time you connect you will only encrypt traffic for the 192.168.0.0/24 network. You can add more lines to your ACL if you want to tunnel more networks.

dazford · ‎12-13-2005

Thanks for the reply. i will edit the config in the next week or so and post back the results.

Thanks again!

dazford · ‎01-15-2006

Sorry for the delay, flat out at christmas time.

I have specified the network as you said and all is well. Thanks for the help. Much appreciated.