Community Member

Split tunneling

Hi Expert,

I have a requirement which asks for tunneling all traffic from the VPN client except for 3 public IP addresses. The client VPN terminates on an ASA 5510 version 7.2(4).

The configuration I tried is as below:

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.210

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.222

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 203.2.190.222

group-policy BartterPolicy attributes

wins-server value 10.1.0.63 10.3.0.1

dns-server value 10.1.0.63 10.3.0.1

vpn-tunnel-protocol IPSec

split-tunnel-policy excludespecified

split-tunnel-network-list value exclude_1

But from the stats - route details it still shows 0.0.0.0 in the secure routes, which means tunnel all traffic.

Any idea why this is happening? Thanks in advance.

5 REPLIES

Re: Split tunneling

What version of code are you running?

Try a different approach:

split-tunnel-policy tunnelspecified

split-tunnel-network-list value exclude_1

access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.210

access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.222

access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 203.2.190.222

access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 any

HTH

Community Member

Re: Split tunneling

No luck. With this, all internal access is not working but Internet access works with any restriction.

Re: Split tunneling

Post the relevant config for review.

Community Member

Re: Split tunneling

The checkbox on the client for allow local LAN needs to be checked.

Community Member

Re: Split tunneling

Under the split tunneling access list, try adding the IP of the gateway on the remote client side.

Also enable split DNS.
