Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL VPN Full and Split Tunnel Config Question

I am Beta testing SSLVPN on an IOS router. The question I have is this:

Is it possiable to have slit and full tunnel configs. It seems that once you create your context and default profile that is all you have either split or full. The books say you can use Radius and assign different profiles but, I would like to give the users a choice (like in the VPN3000 .pcf) of either split or full depending on where they are working from.

5 REPLIES

Re: SSL VPN Full and Split Tunnel Config Question

The below is an example using the ASA - but the principle remains the same:-

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080975e83.shtml

HTH>

New Member

Re: SSL VPN Full and Split Tunnel Config Question

Thank-you for your reply. It seems that in the IOS you can have one Context and Profile assocateed to the IPaddree so, xx.xx.xx.1 is full tunnel and it appears that you have to have a second Context / Profile for a split tunnel.

It appears the better choice maybe the ASA for doing SSLVPN

Re: SSL VPN Full and Split Tunnel Config Question

Yes - the ASA appears to be better suited to your requirements.

HTH>

New Member

Re: SSL VPN Full and Split Tunnel Config Question

Sorry Andrew one more question about your SSLVPN on and ASA.

You have both full and split tunnels running on one interface?

Re: SSL VPN Full and Split Tunnel Config Question

Yes you do - you just have different profiles/groups that have different capabilities.

On a test ASA SSL VPN - I have had:-

1) Clientless

2) Thin-client

3) Full Client

Option 3 with either full tunneling or Split tunneling.

HTH>

140
Views
0
Helpful
5
Replies
CreatePlease login to create content