Cisco Support Community

ASA 5520 Version 8.2(1) Split tunnel enable Process

Hi,

We have configured a Cisco ASA 5520 firewall as a remote VPN. The remote VPN user connected properly, but the VPN user is disconnected from the internet. So we need to configure split tunnel. Please help us with how to configure split tunnel and the required parameters/fields. Thanks...

Accepted Solutions

Hi,

The setup is usually pretty easy

First you should create a Standard ACL that defines the networks which are found behind the VPN connection from the user's perspective. In other words, the networks that need to be tunneled.

For example, if your LAN network was 10.0.0.0/24

access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0

Then you would need to configure some additional things in your VPN client connection's "group-policy"

For example

group-policy CLIENT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

The above would essentially handle the Split Tunnel portion of the configurations. The "split-tunnel-policy" command specifies how the network selection for the VPN is handled. It might as well be configured to specify Full Tunnel or to simply Exclude some networks. The "split-tunnel-network-list value" command tells the ASA the networks used in the Split Tunnel (the ACL we created).

Hope this helps

- Jouni
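
As an added example (not part of the original thread and not Cisco tooling), the Python script below audits saved `show running-config` text: for each group-policy it resolves the split-tunnel ACL into the networks that are tunneled and flags a missing ACL or one that permits any. The function names and sample config are constructed for illustration; it assumes running-config indentation and treats a policy with no split-tunnel-policy line as tunnelall.

```python
import ipaddress
import re

# Constructed sample config; the CLIENT policy mirrors the answer's commands.
SAMPLE_CONFIG = """\
access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0
group-policy CLIENT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
group-policy BROKEN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value MISSING-ACL
"""

def parse_standard_acls(config):
    """Map each standard ACL name to the IPv4 networks it permits."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) standard permit (.+)$", line.strip())
        if m:
            t = m.group(2).split()  # "any" | "host <ip>" | "<network> <mask>"
            cidr = {"any": "0.0.0.0/0", "host": f"{t[-1]}/32"}.get(t[0], "/".join(t[:2]))
            acls.setdefault(m.group(1), []).append(ipaddress.ip_network(cidr, strict=False))
    return acls

def audit_split_tunnel(config):
    """Return {group_policy: {"policy", "networks", "findings"}}."""
    acls, policies, current = parse_standard_acls(config), {}, None
    for line in config.splitlines():
        words = line.split() or [""]
        if not line.startswith(" "):  # a top-level command ends any attributes block
            is_gp = len(words) == 3 and words[0] == "group-policy" and words[2] == "attributes"
            current = policies.setdefault(words[1], {}) if is_gp else None
        elif current is not None and words[0] == "split-tunnel-policy":
            current["policy"] = words[1]
        elif current is not None and words[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = words[2]
    report = {}
    for name, p in policies.items():
        # Assumption: an unset policy is treated as tunnelall (no inheritance modelled).
        policy, acl, findings = p.get("policy", "tunnelall"), p.get("acl"), []
        nets = acls.get(acl, [])
        if policy != "tunnelall" and acl not in acls:
            findings.append(f"ACL {acl} is not defined" if acl else "no split-tunnel-network-list configured")
        if policy == "tunnelspecified" and any(n.prefixlen == 0 for n in nets):
            findings.append("ACL permits any: all traffic is tunneled")
        report[name] = {"policy": policy, "networks": [str(n) for n in nets], "findings": findings}
    return report
```
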


Hi Jouni,

Thanks for your help. Now the split tunnel is working...
