Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
582
Views
5
Helpful
3
Replies

I cannot get split tunnel working on asa5510

Go to solution
dazford
Level 1
Level 1

‎12-09-2005 04:16 PM - edited ‎02-21-2020 12:35 AM

I can connect using the cisco vpn client and talk to the internal network. As soon as i connect to the vpn i cannot access the internet via the vpn tunnel or the local internet at the workstation. Attatched is the config.

Any help would be much appreciated.

Preview file
5 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎12-12-2005 06:33 PM

This is your problem:

access-list VPN_Tunnel_splitTunnelAcl standard permit any

group-policy VPN_Tunnel_1 attributes

   split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl

So you've defined a split tunnel access-list, but it says "permit any" which means encrypt all traffic. your split tunnel ACL must specify the networks that you want encrypted, so change the ACL to something like:

access-list VPN_Tunnel_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0

The next time you connect you will only encrypt traffic for the 192.168.0.0/24 network. You can add more lines to your ACL if you want to tunnel more networks.

View solution in original post

3 Replies 3

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎12-12-2005 06:33 PM

This is your problem:

access-list VPN_Tunnel_splitTunnelAcl standard permit any

group-policy VPN_Tunnel_1 attributes

   split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl

So you've defined a split tunnel access-list, but it says "permit any" which means encrypt all traffic. your split tunnel ACL must specify the networks that you want encrypted, so change the ACL to something like:

access-list VPN_Tunnel_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0

The next time you connect you will only encrypt traffic for the 192.168.0.0/24 network. You can add more lines to your ACL if you want to tunnel more networks.

Go to solution
dazford
Level 1
Level 1
In response to gfullage

‎12-13-2005 12:57 PM

Thanks for the reply. i will edit the config in the next week or so and post back the results.

Thanks again!

0 Helpful

Go to solution
dazford
Level 1
Level 1
In response to gfullage

‎01-15-2006 04:08 PM

Sorry for the delay, flat out at christmas time.

I have specified the network as you said and all is well. Thanks for the help. Much appreciated.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card