At our client I configured Split Tunneling on an ASA but somehow it doesn't seem to function.
I have the feeling I'm missing something but I don't see what.
Situation as follows:
Network: 10.38.11.192 255.255.255.224
group-policy VPNCLIENTS attributes
 dns-server value 10.38.11.203
 split-tunnel-network-list value Split_Tunnel_VDDnew
access-list Split_Tunnel_VDD standard permit 10.38.11.192 255.255.255.224
ip local pool VPNDHCP 10.38.12.1-10.38.12.100
I don't see what is wrong here since the same setup is used at other clients.
Hope someone can help.
Whoops, copied an old ACL, correct split-tunnel list:
access-list Split_Tunnel_VDDnew extended permit ip 10.38.11.192 255.255.255.224 10.38.12.0 255.255.255.0
Sorry, should have mentioned it before but I'm fairly new to this.
Isn't the NAT statement mandatory since my external address is bound to it?
Also what do you mean by standard ACL, or does NAT look at the standard ACL once you remove it?
Again sorry, I started doing ASAs and PIXes recently and find them awfully cryptic sometimes.
Have a look here,
Hope this helps.
That's the ironic part, I followed that manual exactly. I even had our Senior Network Engineer take a look at it and he also said "Weird... it should work".
Therefore I have the feeling I'm missing something.
Can you provide all the VPN configuration?
Have you set the default group policy when defining the tunnel-group?
tunnel-group XXXXXXX general-attributes
Andrea's advice (Default-group-policy) should do it.
If that does not make a difference please post entire configuration.
The config looks fine. When you say it is not working - what exactly is the issue? VPN clients unable to access the internal network? A few things you need to check...
1. nat 0 access-list for internal network to remote VPN client subnet.
2. same security traffic permit intra/inter interface allowed. (check the syntax for this command).
3. Route on internal routers that points the traffic to VPN subnets to ASA inside interface. (default should do as well).
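The configuration checks raised across this thread (the split-tunnel ACL name, default-group-policy, the nat 0 exemption) can be run against a saved config. The script below is an added example, not code from any poster. SAMPLE is a constructed config built from the lines quoted above, and the split-tunnel-policy check is an assumption that nobody in the thread raised.

```python
import re

# Constructed sample built from the lines quoted in the thread; not a real device config.
SAMPLE = """\
access-list Split_Tunnel_VDD standard permit 10.38.11.192 255.255.255.224
ip local pool VPNDHCP 10.38.12.1-10.38.12.100
group-policy VPNCLIENTS attributes
 dns-server value 10.38.11.203
 split-tunnel-network-list value Split_Tunnel_VDDnew
tunnel-group XXXXXXX general-attributes
 address-pool VPNDHCP
"""

def parse(config):
    """Split a config into top-level lines and {header: [indented sub-commands]}."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0] == " " and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections.setdefault(current, [])
    return top, sections

def lint(config):
    """Return a list of findings for the checks raised in the thread."""
    top, sections = parse(config)
    acls = {line.split()[1] for line in top if line.startswith("access-list ")}
    findings = []
    for header, body in sections.items():
        words = header.split()
        if words[0] == "group-policy" and words[-1] == "attributes":
            refs = [m.group(1) for c in body
                    if (m := re.match(r"split-tunnel-network-list value (\S+)", c))]
            for acl in refs:
                if acl not in acls:
                    findings.append(f"{words[1]}: split-tunnel ACL {acl} is not defined")
            # Assumption beyond the thread: the ASA default tunnels all traffic,
            # so the network list only takes effect with tunnelspecified.
            if refs and "split-tunnel-policy tunnelspecified" not in body:
                findings.append(f"{words[1]}: split-tunnel-policy tunnelspecified missing")
        if words[0] == "tunnel-group" and words[-1] == "general-attributes":
            if not any(c.startswith("default-group-policy ") for c in body):
                findings.append(f"{words[1]}: no default-group-policy")
    if not any(re.match(r"nat \(\S+\) 0 access-list \S+", line) for line in top):
        findings.append("no 'nat 0 access-list' exemption found")
    return findings
```

Calling lint(SAMPLE) reports the mismatched ACL name from the first post along with the other missing items. The routing and same-security-traffic checks from the last post are outside what this script covers.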