Cisco Support Community
New Member

split tunnel is not working at l2tp over ipsec vpn at asa

Dears, my users connect with L2TP over IPsec VPN. It works. Now I want the users to be able to access the internet. I configured split tunnel, but users cannot access the internet over the L2TP over IPsec VPN connection.

ASA split tunnel configuration:

access-list DefaultRAGroup_splitTunnelAcl standard permit any
group-policy DefaultRAGroup attributes
 dns-server value 192.168.193.10 192.168.193.11
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
 default-domain value seydulxiyar.local

What must I do on the ASA? Must I do something on my PC?

Please help me.

Thanks.

3 REPLIES

Re: split tunnel is not working at l2tp over ipsec vpn at asa

For the default split tunnel, you only need to specify the internal network to be encrypted. Your config is tunnel all.

Create another access-list for the internal IP subnet only, and apply it to the group.

Sent from Cisco Technical Support iPad App
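
A check for the condition this reply describes, added here as an example (not code from the thread or from Cisco): it parses running-config text and reports group-policies whose `tunnelspecified` network list permits any. The subnet 192.168.193.0/24 and the names `Inside_splitTunnelAcl`, `FixedGroup` and `NoListGroup` are assumptions for illustration; only standard ACLs are handled.

```python
import re

# Constructed sample: the ACL and group-policy from the question, plus
# hypothetical policies. 192.168.193.0/24 is an assumed internal subnet.
SAMPLE_CONFIG = """\
access-list DefaultRAGroup_splitTunnelAcl standard permit any
access-list Inside_splitTunnelAcl standard permit 192.168.193.0 255.255.255.0
group-policy DefaultRAGroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
group-policy FixedGroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Inside_splitTunnelAcl
group-policy NoListGroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Missing_Acl
"""

# Standard-ACL entries that match every destination.
MATCH_ALL = {"permit any", "permit 0.0.0.0 0.0.0.0"}

def parse(config):
    """Return (acls, policies) from config text, indented or flattened."""
    acls, policies, current = {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"access-list (\S+) standard (.+)", line):
            acls.setdefault(m.group(1), []).append(" ".join(m.group(2).split()))
            current = None
        elif m := re.match(r"group-policy (\S+) attributes", line):
            current = policies.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"split-tunnel-policy (\S+)", line)):
            current["policy"] = m.group(1)
        elif current is not None and (m := re.match(r"split-tunnel-network-list value (\S+)", line)):
            current["list"] = m.group(1)
    return acls, policies

def audit(config):
    """List (policy, acl, reason) where 'tunnelspecified' does not split anything."""
    acls, policies = parse(config)
    findings = []
    for name, p in policies.items():
        if p.get("policy") != "tunnelspecified":
            continue
        acl = p.get("list")
        entries = acls.get(acl)
        if not entries:
            findings.append((name, acl, "network list missing or empty"))
        elif MATCH_ALL & set(entries):
            findings.append((name, acl, "ACL permits any: all traffic is tunneled"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags `DefaultRAGroup` and `NoListGroup` and leaves `FixedGroup`, whose list names only the assumed internal subnet, unreported.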

New Member

Re: split tunnel is not working at l2tp over ipsec vpn at asa

Thanks very much for helping me. I solved the problem. I unchecked the default gateway on remote network. I can access the internet, but a new problem occurred. Now I cannot access my local user. Before this I could access the local network; when I unchecked it, this new problem occurred.

How do I solve this?

Thanks.

New Member

Re: split tunnel is not working at l2tp over ipsec vpn at asa

OK, I also solved this problem. Now I can access the internet and my local network.

First I configured IPsec VPN and used IPsec VPN for 1 month. All of it was OK and working. Then I configured L2TP over IPsec. I am working with L2TP over IPsec VPN. All VPN connections are OK; all of them are working perfectly.

But I want to use both IPsec and L2TP over IPsec VPN. How do I use both of them?

I know I used one crypto map, and I must apply only one crypto map to my outside interface.

This is my IPsec and L2TP over IPsec config. Now I use only L2TP over IPsec VPN.

! Used by Windows XP users for L2TP over IPsec VPN
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
! Used by Windows 7 and Vista for L2TP over IPsec VPN
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Must I write a new policy for IPsec VPN, or is policy 10 enough for both VPN connections?

! I used this for the IPsec connection
crypto ipsec transform-set RA-TS esp-3des esp-md5-hmac
! L2TP over IPsec
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set aes128sha esp-aes esp-sha-hmac
crypto ipsec transform-set aes128sha mode transport
crypto ipsec transform-set aes256sha esp-aes-256 esp-sha-hmac
crypto ipsec transform-set aes256sha mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! I used this for the IPsec connection
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS
crypto dynamic-map DYN_MAP 10 set reverse-route
! L2TP over IPsec
crypto dynamic-map out_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5 aes128sha aes256sha
! I used this for the IPsec connection
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP
! L2TP over IPsec
crypto map outside_map 65000 ipsec-isakmp dynamic out_dyn_map
crypto map outside_map interface outside

I know that I must change something in this part.

The group policy and tunnel are normal in my config.

Please write your comments.

Thanks.
