Microsoft Client VPN and Split Tunnelling - nothing works!
A question that has been asked many times before; however, no solution seems to work. We are due to roll out remote access VPN to staff using (preferably) the Microsoft XP VPN client (for ease of integration and logging on), however I have been unable to get split tunnelling to work. The configuration on the ASA is as it should be, and works fine with the Cisco VPN client incidentally, but I cannot get it to work using the Windows XP client. I have followed all the recommended configurations, including disabling the default gateway in advanced IP settings. Is there a compatibility issue with the Microsoft VPN client (L2TP) and the Cisco ASAs?
Will we be limited to the Cisco VPN client only?
Also - I understand the security implications of split tunnelling. All remote access will be via company-supplied laptops with antivirus and mobile content filtering via SurfControl within the corporate LAN.
Re: Microsoft Client VPN and Split Tunnelling - nothing works!
The ASA does not support the L2TP/Windows XP VPN Client. So you will have to use the Cisco VPN Client or WebVPN.
About split tunnelling, you don't mention any software firewall. This is a very important step, since a hacker could gain access to your PC via LAN or the Internet (depending on your ST configuration) and potentially use it to piggyback on to your company network. A very good idea when using ST is to force the Cisco VPN Client Integrated Firewall using the client-firewall command in group-policy mode.
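The configuration suggested in the reply above, sketched as an added example that is not part of the original thread: split tunnelling restricted to the corporate range, with the Cisco VPN Client integrated firewall made mandatory. The group-policy name, ACL names, the 10.0.0.0/8 range and the ACL contents are assumptions chosen for illustration.

```cisco
! Added example; names, addresses and ACL contents are placeholders.

! Networks that go through the tunnel (everything else leaves the
! client directly, which is the split-tunnelling exposure discussed above).
access-list SPLIT_TUNNEL_NETS standard permit 10.0.0.0 255.0.0.0

! Rules pushed to the Cisco VPN Client integrated firewall.
! Illustrative policy: block unsolicited inbound, allow outbound.
! Adjust and test against a pilot client before rollout.
access-list CLIENT_FW_IN extended deny ip any any
access-list CLIENT_FW_OUT extended permit ip any any

group-policy RA_VPN_POLICY internal
group-policy RA_VPN_POLICY attributes
 ! Tunnel only the networks listed in SPLIT_TUNNEL_NETS
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_NETS
 ! "req" makes the firewall mandatory for clients in this group;
 ! "opt" would only request it.
 client-firewall req cisco-integrated acl-in CLIENT_FW_IN acl-out CLIENT_FW_OUT
```

`show running-config group-policy RA_VPN_POLICY` confirms that both the split-tunnel list and the `client-firewall req` line are attached to the group.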