Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disabling Split Tunneling

Hello,

I have VPN setup between a 1710(branch) and 1841(core), and wanted to test it without using split tunnelling. I was told that to enable this, I just need to specify all of the VPN traffic in my VPN ACL. I did this(Permit ip any any), and the VPN traffic still works, but now web traffic doesnt. Then I changed the ACL at the core site to the same and still nothing. I also made sure the subnet was in the NAT ACL at the core site. Anyone have any ideas?

4 REPLIES
Green

Re: Disabling Split Tunneling

I'm a little confused. You say that vpn traffic works but web traffic does not. This means split tunneling is disabled.

Am I not understanding correctly?

New Member

Re: Disabling Split Tunneling

After my initial setup, web and vpn traffic were both working. I started toying around with disabling split tunnelling, and that is when the web traffic stopped working. I need the web traffic to work though, but I want the traffic to go out the internet pipe at my core site

Silver

Re: Disabling Split Tunneling

Then, yes, you want to tunnel all traffic...

New Member

Re: Disabling Split Tunneling

Yes that is what I'm trying to do, and I think its working partially since the web traffic not working tells me something has changed. Here are what my 2 VPN acl's look like

access-list 100 permit ip any any

I also added this line to my NAT acl at the core site

access-list 120 permit ip 192.168.20.0 0.0.0.255 any

I think I know my problem now, when the web traffic is trying to get back to my branch site, it is Natting. I need to change my NAT acl to deny all nat traffic to my branch(I only had the corp subnet setup). I'll try that and post results later. Thanks for the replies

228
Views
0
Helpful
4
Replies
CreatePlease login to create content