Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
brugmanjorge
brugmanjorge
Community Member
‎01-17-2007 06:54 AM
‎01-17-2007 06:54 AM

Split Tunneling only for some remote Users

Hello Folks

I have a customer who has a PIX 6.3. Currently all remote VPN users goes through the internet through corporate since users are allowed to connect from their home machines (Split Tunneling OFF). Now, they will provide a corporate laptop to a user who will mainly perform work on the road and they need that certain traffic go directly from the laptop to the internet.

My question is, Is it possible to enable split tunnelling for a group of users and keep it disable for another group of users?

Is there a link where I can peek how this can be done?

Thanks in advance.

Labels:
0 Helpful
Reply
2 REPLIES
ali-franks
ali-franks
Community Member
‎01-17-2007 08:41 AM
‎01-17-2007 08:41 AM

Re: Split Tunneling only for some remote Users

Hi Jorge,

yes you can do it. Here's an excerpt from our PIX running 6.3(5)

Notice the different VPN groups - details changed :)

vpngroup A address-pool A

vpngroup A dns-server x.x.x.x

vpngroup A default-domain DOMAIN

vpngroup A idle-time 1800

vpngroup A password AAA

vpngroup B address-pool B

vpngroup B dns-server x.x.x.x

vpngroup B default-domain DOMAIN

vpngroup B split-tunnel NONAT

vpngroup B idle-time 1800

vpngroup B password BBB

access-list NONAT permit ip 255.255.255.0

255.255.255.240

If I were you I'd create a new address pool just for that user, which will allow for scalability if more road warriors come into the frame. Any additional can then be placed into the same vpngroup

HTH

Ali

0 Helpful
Reply
brugmanjorge
brugmanjorge
Community Member
‎01-17-2007 09:39 AM
‎01-17-2007 09:39 AM

Re: Split Tunneling only for some remote Users

Thanks Ali

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
438
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs