RA VPN on ASA and Split Tunneling

sean-boston
Level 1

Hello Forum,

I'm having an issue with RA VPN and split tunneling. Our company doesn't allow split tunneling.

I have the following....

ASA 5520 - ASA Version - 8.0(3)

Group Policies defined for different groups. My test group, I thought I disabled split tunneling but they are still able to surf the net.

For Split Tunneling Policy...

Inherit is unchecked

I have "Tunnel Network List Below"

Testing_splitTunnelAcl is my acl. I have a bunch of host IPs in the list. I don't have any or 0.0.0.0 in the list.

But they can still surf the net.

I would like to block access to net. No hairpinning or internet u-turns.

How do I do this?

Any help greatly appreciated.

Regards,

2 Replies

Danilo Dy
VIP Alumni

What does your Testing_splitTunnelAcl have?

To disable split tunneling, your Testing_splitTunnelAcl should only have this...

!

access-list Testing_splitTunnelAcl standard permit any

!

...which means all traffic will be encrypted and will be sent to the ASA no matter what. If you add any IP address, only traffic destined to the IP addresses in the list will be encrypted and sent to the ASA; everything else will go to the internet from the client.

It may be confusing but try and see what happens.

My split tunnel ACL has only IP addresses that I want to allow. I don't want to allow them access to the internet via split tunnel or tunneled.
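
As an added example (not part of the original thread), this Python script audits an ASA configuration for group policies that still split-tunnel, following the behaviour described in the reply above: a `tunnelspecified` list containing `any` tunnels everything, while a list of specific hosts lets all other traffic leave directly from the client. The sample configuration, the group-policy names other than the thread's ACL name, the addresses and the function name `audit_split_tunnel` are assumptions made for illustration.

```python
import re

# Constructed sample of an ASA running-config (policy names and addresses are made up).
SAMPLE_CONFIG = """\
access-list Testing_splitTunnelAcl standard permit host 10.1.1.10
access-list Testing_splitTunnelAcl standard permit host 10.1.1.11
access-list All_splitTunnelAcl standard permit any
group-policy Testing attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Testing_splitTunnelAcl
group-policy Staff attributes
 split-tunnel-policy tunnelall
group-policy Lab attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value All_splitTunnelAcl
group-policy Guest attributes
 vpn-idle-timeout 30
"""

def audit_split_tunnel(config):
    """Return {group-policy name: verdict} for each 'group-policy X attributes' block."""
    acls, policies, current = {}, {}, None
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) standard permit (.+)", line)
        if m:  # collect the destinations each standard ACL permits
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        m = re.match(r"group-policy (\S+) attributes", line)
        if m:  # entering a group-policy attributes sub-mode
            current = policies.setdefault(m.group(1), {"policy": None, "acl": None})
            continue
        if not line.startswith(" "):
            current = None  # any other top-level line ends the sub-mode
        if current is None:
            continue
        m = re.match(r" split-tunnel-(policy|network-list value) (\S+)", line)
        if m:
            key = "policy" if m.group(1) == "policy" else "acl"
            current[key] = m.group(2)
    verdicts = {}
    for name, gp in policies.items():
        entries = acls.get(gp["acl"], [])
        if gp["policy"] is None:
            verdicts[name] = "inherited"      # setting comes from the parent policy
        elif gp["policy"] == "tunnelall" or (gp["policy"] == "tunnelspecified" and "any" in entries):
            verdicts[name] = "all-tunneled"   # every destination goes through the ASA
        else:
            verdicts[name] = "split"          # unlisted traffic bypasses the tunnel
    return verdicts
```

A verdict of `all-tunneled` only says where the client sends its traffic; whether that traffic can then reach the internet through the ASA is decided separately by the firewall's own policy. An `inherited` verdict means the parent policy has to be checked as well.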