Microsoft Client VPN and Split Tunnelling - nothing works!

cbeswick · ‎09-18-2006

Hi,

A question that has been asked many times before, however no solution seems to work. We are due to roll out remote access VPN to staff using (preferably) the Microsoft XP VPN client (for ease of integration and logging on), however I have been unable to get split tunnelling to work. The configuration on the ASA is as it should be, and works fine with the Cisco VPN client incidentally, but I cannot get it to work using the windows xp client. I have followed all the recommended configurations including disabling the default gateway in advanced ip settings. Is there a compatibility issue with the microsoft vpn client (L2TP) and the Cisco ASA's ?

Will we be limited to the Cisco VPN client only ?

Also - I understand the security implications with split tunnelling. All remote access will be via company supplied laptops with antivirus and mobile content filtering via surf control within the corporate LAN.

Any help will be appreciated.

ccna2 · ‎09-19-2006

Hi,

The ASA does not support the L2TP/Windows XP VPN Client. So you will have to use the Cisco VPN Client or WebVPN.

About Split Tunnelling you don't mention any software Firewall. This is a very important step, since a Hacker could gain access to your PC via LAN or the Internet (depending on your ST configuration) and potentially use it to piggyback on to your company network. A very good idea when using ST is to force the Cisco VPN Client Integrated Firewall using the client-firewall command in group-policy mode.