Split Tunnel with Remote Access VPN

hunnetvl01

Hi all,

I have a remote VPN to an ASA 5510 and I want to enable the split tunnel so the VPN client can access its own LAN as well when connected with VPN.

I have made the policies as described by Cisco, but nada!!!!

It is not working. I mean VPN works fine, but the local LAN access does not.

I am attaching the config!

group-policy RMTVPN internal
group-policy RMTVPN attributes
split-tunnel-policy excludespecified
default-group-policy RMTVPN
group-policy RMTVPN internal
group-policy RMTVPN attributes
vpn-idle-timeout 30
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
username test_RA password CXgT6kaftedu5zxk encrypted
username test_RA attributes
vpn-idle-timeout 30
tunnel-group RMTVPN type ipsec-ra
tunnel-group RMTVPN general-attributes
address-pool vpnpool
default-group-policy RMTVPN
access-list Local_LAN_Access standard permit host 0.0.0.0

Could there be some conflict in the policies?

Thanks,

Vlad

jj27

Here is how I deploy split tunnel VPNs.

1. Change the split tunnel policy to tunnelspecified.

2. Create a standard access-list called splittunnel.

3. Add the IP subnets that you need to be able to access through the VPN to access-list splittunnel.

access-list splittunnel standard permit 1.2.3.4 255.255.255.0 (where 1.2.3.4 = an IP subnet you need access to. Repeat that for every subnet.)

group-policy RMTVPN attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittunnel
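
As an added example (not part of the thread and not Cisco tooling): a small Python check that reads ASA configuration text and reports, for each group policy, the effective split-tunnel mode and the networks its list resolves to, so a mismatch between policy and access-list is visible before testing from a client. The function name, the rule that repeated attribute blocks merge, and the sample string are assumptions of this example.

```python
import re

# Constructed sample: the split-tunnel lines from the question, as pasted.
QUESTION_CONFIG = """\
group-policy RMTVPN internal
group-policy RMTVPN attributes
split-tunnel-policy excludespecified
group-policy RMTVPN attributes
vpn-idle-timeout 30
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
access-list Local_LAN_Access standard permit host 0.0.0.0
"""

TOP_LEVEL = ("group-policy ", "access-list ", "username ", "tunnel-group ")

def audit_split_tunnel(config):
    """Return {policy: {"mode", "acl", "networks", "findings"}} (hypothetical helper)."""
    policies, acls, current = {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith(TOP_LEVEL):
            current = None  # a new top-level command ends the attributes block
        if m := re.fullmatch(r"group-policy (\S+) attributes", line):
            # Assumption: a repeated attributes block merges, later values win.
            # "tunnelall" is the mode when no split-tunnel-policy is configured.
            current = policies.setdefault(m[1], {"mode": "tunnelall", "acl": None})
        elif m := re.fullmatch(r"access-list (\S+) standard permit (.+)", line):
            acls.setdefault(m[1], []).append(m[2])
        elif current is not None:
            if m := re.fullmatch(r"split-tunnel-policy (\S+)", line):
                current["mode"] = m[1]
            elif m := re.fullmatch(r"split-tunnel-network-list value (\S+)", line):
                current["acl"] = m[1]
    for p in policies.values():
        p["networks"] = acls.get(p["acl"], [])
        p["findings"] = []
        if p["mode"] != "tunnelall" and p["acl"] is None:
            p["findings"].append(f"{p['mode']} has no split-tunnel-network-list")
        elif p["acl"] is not None and p["acl"] not in acls:
            p["findings"].append(f"access-list {p['acl']} is referenced but not defined")
        if p["mode"] == "tunnelspecified":
            # Only these networks use the tunnel; other client traffic bypasses the ASA.
            p["findings"].append("tunneled networks: " + ", ".join(p["networks"] or ["none"]))
    return policies

if __name__ == "__main__":
    for name, p in audit_split_tunnel(QUESTION_CONFIG).items():
        print(name, p["mode"], p["acl"], p["networks"], p["findings"])
```
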
