Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Downloadable ACLs for VPN split-tunneling

Hello.

We know about the ipsec:inacl attribute for configuring split-tunneling for a VPN group, but AFAWK you must define the ACL in the local configuration of the router. Is it possible to define the ACL in the RADIUS server instead? How? By the way, is it possible to do the same for the IPsec pools?

Thank you beforehand.

1 REPLY
Silver

Re: Downloadable ACLs for VPN split-tunneling

The following steps to be followed for spit tunnelling

Set the split tunneling policy to only tunnel networks in the list.

Configure network lists and default domain names in the Common Client Parameters section of this screen.

Change the default setting on the client PC's Internet Protocol (TCP/IP) Properties window. Go to Control Panel > Network Connections > VPN > VPN Properties > Networking > Internet Protocol (TCP/IP) > Select Properties > Internet Protocol (TCP/IP) Properties window. Select Advanced and uncheck the box.

Note: If you enable both split tunneling and individual user authentication for a VPN 3002 Hardware Client, you must authenticate only when sending traffic bound for destinations on the other side of the IPSec tunnel.

198
Views
0
Helpful
1
Replies