New Member

Split-Tunneling Question

I added the commands to my config to enable split tunneling. Now I can access the Internet while VPN'd in but not the network. I've attached a sanitized config. Can you please let me know where it is wrong? Thank you.

3 REPLIES
New Member

Re: Split-Tunneling Question

Hi Thomas

It's difficult to say for sure without knowing what was originally behind the xxx'd out address, but as you have xxx'd out your outside address as well I wonder whether your split tunnel ACL is correct? Split tunnel "permit"s should be configured to allow data from the VPN client's IP address range across the VPN to the desired internal destination, therefore it should be permitting your inside network. The VPN client will then send traffic destined for your internal network down the VPN and route other traffic out of the VPN user's internet connection as normal.

HTH

Kev

New Member

Re: Split-Tunneling Question

Thanks, Kev. What was behind the original xxx's is the private network address that my pc has before I fire up the tunnel. It's a 10.x.x.x address.

New Member

Re: Split-Tunneling Question

Hi Thomas

That will most likely be it then. The ACL should be in the form permit ip inside_subnet inside_mask vpnIPrange_subnet vpnIPrange_mask. In your case that would be:

access-list SPLIT-TUNNEL permit ip 192.168.41.0 255.255.255.0 192.168.46.0 255.255.255.0

and with that you should be able to access your internal network via the VPN whilst still being able to access the internet locally.

HTH

Kev
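
The routing decision discussed in this thread, as an added example that is not part of the original posts or of anyone's posted config: a Python sketch of how a VPN client chooses the tunnel or the local path from a split-tunnel ACL in the form given in the last reply. It assumes the ACL's source field is the network to tunnel; the function names and the 10.0.0.0 255.0.0.0 entry are constructed for illustration.

```python
import ipaddress

ACL_NAME = "SPLIT-TUNNEL"

# Constructed stand-in for an ACL whose source is the client's own local
# network instead of the inside network (not the poster's actual config).
MISCONFIGURED = [
    "access-list SPLIT-TUNNEL permit ip 10.0.0.0 255.0.0.0 192.168.46.0 255.255.255.0",
]

# The ACL line suggested in the last reply.
SUGGESTED = [
    "access-list SPLIT-TUNNEL permit ip 192.168.41.0 255.255.255.0 192.168.46.0 255.255.255.0",
]


def tunneled_networks(acl_lines, acl_name=ACL_NAME):
    """Return the networks a split-tunnel ACL tells the client to tunnel.

    Only the form from the thread is handled:
    access-list NAME permit ip SRC SRC_MASK DST DST_MASK
    Assumption: the source field (SRC/SRC_MASK) is the network to tunnel.
    """
    nets = []
    for line in acl_lines:
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[1] != acl_name:
            continue  # other ACLs or unsupported forms are skipped
        if tok[2] != "permit" or tok[3] != "ip":
            continue
        nets.append(ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))
    return nets


def client_path(dest_ip, nets):
    """Return 'tunnel' if dest_ip falls in a tunneled network, else 'local'."""
    addr = ipaddress.ip_address(dest_ip)
    return "tunnel" if any(addr in n for n in nets) else "local"


if __name__ == "__main__":
    for label, acl in (("misconfigured", MISCONFIGURED), ("suggested", SUGGESTED)):
        nets = tunneled_networks(acl)
        # 192.168.41.10 is a constructed inside host; 198.51.100.7 is a
        # documentation-range address standing in for an Internet host.
        for dest in ("192.168.41.10", "198.51.100.7"):
            print(f"{label:14} {dest:15} -> {client_path(dest, nets)}")
```

With the constructed misconfigured entry, the inside host is sent out the local connection, which matches the symptom in the first post: Internet works, the internal network does not.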
