Community Member

Question on VPN site-to-site split tunneling please

Hi all

We have a site-to-site VPN with our partner company. We are the VPN client and they are the VPN server, because we have 4 PCs that have been configured through our ASA 5505 firewall so that the 4 PCs can access our partner company remotely. OK, here is my question:

If I want to use split tunneling so that the 4 PCs can access the remote site and also access the internet and our network at the same time, the configuration for split tunneling has to be done on the remote site, not on the client site. Is that correct?

Any help would be much appreciated.

Cheers

4 REPLIES

Re: Question on VPN site-to-site split tunneling please

Hi .. yes, that is correct .. on the client you only configure general values such as the VPN server IP address, group name and pre-shared key (plus a username and password if using extended authentication). When the VPN client contacts the VPN server and these parameters are successfully negotiated, the VPN server pushes the rest of the configuration to the VPN client.

In summary those changes need to be performed at the vpn server site. Assuming you already have Internet access from behind your ASA5505 when the tunnel is not active .. then no further changes need to be performed on your firewall.

I hope it helps ... please rate it if it does !!!

Community Member

Re: Question on VPN site-to-site split tunneling please

Thanks a lot for your reply.

So if I want to configure the split tunneling it has to be done on the remote or VPN server.

Hhhuummm!!! it is not in my control. I have to contact the IT guy from the VPN server.

I thought that since it is a site-to-site VPN we could do it at both ends.

Anyway once again thanks a lot for your help.

Gold

Re: Question on VPN site-to-site split tunneling please

If this is a site-to-site VPN, just look at how your crypto ACLs are configured on your 5505. Only the traffic defined by those will go across the tunnel; everything else exits the ASA per the device policy.

If you are using EZVPN, then yes, split tunneling is controlled at the other site.
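The crypto ACL behaviour described in the reply above, as an added ASA configuration example that is not part of the original thread. All names and addresses (PARTNER_CRYPTO, OUTSIDE_MAP, the four host addresses, the partner subnet and the peer address) are constructed placeholders, and it assumes an existing IKEv1 site-to-site tunnel whose other settings are already in place.

```cisco
! Constructed example: every address and name below is a placeholder.
!   192.168.1.11-14  = the 4 local PCs (assumed)
!   10.10.10.0/24    = partner network behind the remote peer (assumed)
!   203.0.113.10     = partner VPN peer address (assumed)

! Crypto ACL: only traffic matching these lines is encrypted and sent to
! the peer. One line per PC keeps the selection as narrow as possible.
access-list PARTNER_CRYPTO extended permit ip host 192.168.1.11 10.10.10.0 255.255.255.0
access-list PARTNER_CRYPTO extended permit ip host 192.168.1.12 10.10.10.0 255.255.255.0
access-list PARTNER_CRYPTO extended permit ip host 192.168.1.13 10.10.10.0 255.255.255.0
access-list PARTNER_CRYPTO extended permit ip host 192.168.1.14 10.10.10.0 255.255.255.0

! For contrast, a destination of "any" would select Internet-bound traffic
! from that PC for the tunnel as well (left commented out on purpose):
! access-list PARTNER_CRYPTO extended permit ip host 192.168.1.11 any

! Bind the ACL to the crypto map entry for this peer.
crypto map OUTSIDE_MAP 10 match address PARTNER_CRYPTO
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP interface outside

! The partner's crypto ACL has to mirror these entries (source and
! destination swapped), otherwise the IPsec SAs will not negotiate.
```

After the tunnel is up, `show crypto ipsec sa` lists the local and remote idents that were actually negotiated, which confirms that only the intended host-to-subnet pairs are being tunnelled.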

Community Member

Re: Question on VPN site-to-site split tunneling please

Hi

Yes, it is a site-to-site VPN, so you are saying I could do the split tunneling from my end to allow those 4 PCs to have both kinds of access, i.e. internet and resources from the remote VPN. Please confirm it, so that I can research how to configure split tunneling on a site-to-site VPN.

Thanks a lot
