10-12-2007 09:20 PM - edited 03-09-2019 07:01 PM
I have a Cisco 1721 running 12.4 terminating a RAS VPN and have gotten it working, using split tunneling. However, is there a way to specify which routes will be considered "local"? For example, if I simply activate include local LAN, only that subnet will be treated as local. I want to be able to have internet traffic also go thru the VPN. My issue is that if I am connecting via the VPN and I need access to local resources on other subnets (like a larger company that has PCs on one subnet, servers on another, etc.), but still have access to my remote network and have internet traffic tunneled across the VPN, without having to explicitly add all internet class A routes as well as secured routes in the split tunnel ACL. I tried using deny statements in the split tunnel ACL; however, that did not work, as it treated the denys as permits. Is this doable and if so, how? I already have everything else working, as far as internet traffic flowing thru the VPN.
10-22-2007 12:10 PM
Please let me know if you get this working. I have the same issue on a 2811 ver 12.4.13b. I am convinced that a "deny" statement on an EZVPN group ACL really messes things up.
04-15-2008 11:07 PM
Did any of you get a workaround to this? I'm trying to route certain internet traffic through our main site. I have two sites connected via EZVPN server using ASA 5505s.