Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client

I recently upgraded to cisco asa. I configured users to connect through client VPN. on my laptop i installed VPN client software. when I connect to the asa I recieve the banner that I made to verify connection and it shows as connected. after I connect I can not ping or access the Internet. when I disconnect form the VPN, I am able to access Interenet resources again, but still not able to access files at my sites.???


Re: VPN client

post a sanitized config, as this could be many things.

New Member

Re: VPN client

a config of the asa? bear with me I am new to the Cisco world.

Cisco Employee

Re: VPN client

Yes, the config of the ASA would help us out.

"sh run"

Inorder for you to access the internet while connected through the VPN, you would need to do split tunneling or if you want to access internet via the ASA, that can be done as well.



Cisco Employee

Re: VPN client


It seems that you need to configure split-tunnel. If you are configuring through GUI (ASDM) then do the following :

1. Goto Configuration -> VPN -> General -> Group Policy.

2. Select the Group Policy you are using and click 'Edit'.

3. Goto Client Configuration -> General Client Parameters.

4. Make sure that the 'Inherit' against the Split Tunnel Policy and Split Tunnel Network List are unchecked.

5. Against Split Tunnel Policy select 'Tunnel Network List Below'.

6. Against Split Tunnel Network List make sure 'none' is selected and then click Manage.

7. Under Standard ACL, click Add.

8. Define a name.

9. Right click the ACL you created and click Add ACE.

10. Define the local network behind the ASA. Make sure that the network address and the mask is correct.

11. Click OK. Click OK. Click Apply and you are done.

If you are using CLI, the do the following :

(config)#access-list split permit ip any

(config)#group-policy attributes

(config-group-policy)#split-tunnel-policy tunnelspecified

(config-group-policy)#split-tunnel-network-list value split




Cisco Employee

Re: VPN client

Small correction :

(config)#access-list split permit ip any

should be

(config)#access-list split standard permit ip

CreatePlease login to create content