Cisco Support Community
Community Member

I cannot get split tunnel working on asa5510

I can connect using the Cisco VPN client and talk to the internal network. As soon as I connect to the VPN I cannot access the internet via the VPN tunnel or the local internet at the workstation. Attached is the config.

Any help would be much appreciated.

Accepted Solutions
Cisco Employee

Re: I cannot get split tunnel working on asa5510

This is your problem:

access-list VPN_Tunnel_splitTunnelAcl standard permit any

group-policy VPN_Tunnel_1 attributes

   split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl

So you've defined a split tunnel access-list, but it says "permit any", which means encrypt all traffic. Your split tunnel ACL must specify the networks that you want encrypted, so change the ACL to something like:

access-list VPN_Tunnel_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0

The next time you connect you will only encrypt traffic for the 192.168.0.0/24 network. You can add more lines to your ACL if you want to tunnel more networks.
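
An added example, not part of the original reply and not Cisco tooling: a small Python check that reads a saved ASA configuration and flags any group-policy whose split-tunnel ACL permits everything, which is the problem diagnosed above. The sample config is constructed; the policy names `VPN_Tunnel_2` and `VPN_Tunnel_3`, the ACL names `Fixed_splitTunnelAcl` and `Missing_Acl`, and treating `any4` and `0.0.0.0 0.0.0.0` the same as `any` are assumptions.

```python
import re

# Constructed sample: the first two ACLs mirror the "before" and "after" lines
# from the answer; VPN_Tunnel_2/3 and their ACL names are hypothetical.
SAMPLE_CONFIG = """\
access-list VPN_Tunnel_splitTunnelAcl standard permit any
access-list Fixed_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
group-policy VPN_Tunnel_1 attributes
   split-tunnel-network-list value VPN_Tunnel_splitTunnelAcl
group-policy VPN_Tunnel_2 attributes
   split-tunnel-network-list value Fixed_splitTunnelAcl
group-policy VPN_Tunnel_3 attributes
   split-tunnel-network-list value Missing_Acl
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+standard\s+permit\s+(.+?)\s*$")
POLICY_RE = re.compile(r"^group-policy\s+(\S+)\s+attributes\s*$")
SPLIT_RE = re.compile(r"^\s+split-tunnel-network-list\s+value\s+(\S+)\s*$")
# Assumption: these targets all match every destination, like "permit any".
MATCH_ALL = {"any", "any4", "0.0.0.0 0.0.0.0"}

def audit_split_tunnel(config):
    """Return {policy: finding} for each group-policy with a split-tunnel list."""
    acls = {}      # ACL name -> list of permitted targets
    bindings = {}  # group-policy name -> ACL name
    current = None
    for line in config.splitlines():
        if line and not line[0].isspace():
            current = None  # a top-level command ends any group-policy block
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(" ".join(m.group(2).split()))
        elif m := POLICY_RE.match(line):
            current = m.group(1)
        elif (m := SPLIT_RE.match(line)) and current:
            bindings[current] = m.group(1)
    findings = {}
    for policy, acl in bindings.items():
        targets = acls.get(acl)
        if targets is None:
            findings[policy] = "acl-not-defined"
        elif any(t in MATCH_ALL for t in targets):
            findings[policy] = "tunnels-all-traffic"
        else:
            findings[policy] = "ok: " + ", ".join(targets)
    return findings

if __name__ == "__main__":
    for policy, finding in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(f"{policy}: {finding}")
```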

3 REPLIES
Community Member

Re: I cannot get split tunnel working on asa5510

Thanks for the reply. I will edit the config in the next week or so and post back the results.

Thanks again!

Community Member

Re: I cannot get split tunnel working on asa5510

Sorry for the delay, flat out at Christmas time.

I have specified the network as you said and all is well. Thanks for the help. Much appreciated.
