New Member

VPN split tunnel and access to local LAN


I have a requirement to provide the following:

secure access to corporate network (

access to local LAN (

access to Internet via local ISP (not thru tunnel).


According to the ASDM VPN wizard, I have three options for VPN:

1 – Tunnel network listed below - split tunnel meaning you define what subnet will be protected and tunneled thru VPN. So, if you define to go thru vpn tunnel, Internet browsing only will go using your local ISP provider. You can ping your local default gateway but no access to local LAN.

2 – Tunnel all network - all traffic goes thru tunnel, including internet browsing. No access to local LAN

3 – Exclude network listed below – all traffic including internet browsing goes thru tunnel and local LAN access is allowed.


So far I was unable to have subnet tunneled thru VPN and access to local LAN and access to local internet on the same VPN profile. I need to know if this is possible or not. So far I was unable to get it going. All other combinations are working as expected. 


Not sure if this combo is available. If someone could shed some light, it would be greatly appreciated. I don't need a working config, just trying to understand whether it is possible or not.






Cisco Employee


Hi,

Please try using the "tunnel network listed below" option, which should allow the users to access the internal subnet ' through the VPN tunnel, the local subnet normally, and the internet as well.
Try the following group-policy:

access-list sat-test standard permit

group-policy test attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sat-test

Dinesh Moudgil

P.S. Please rate helpful posts.
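
As an added illustration (not part of the thread and not Cisco's code), this Python model shows which path a destination takes under each of the three split-tunnel-policy settings discussed above, and flags tunnel-list entries that overlap the client's LAN. All subnets and function names are constructed for the example, and the client's real route handling is simplified to a list lookup.

```python
import ipaddress

# Constructed sample networks; the thread's real subnets are not shown.
CORPORATE = [ipaddress.ip_network("10.10.0.0/16")]
LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")
SAMPLES = {"corporate": "10.10.5.20", "local_lan": "192.168.1.50",
           "internet": "203.0.113.10"}


def path_for(dest, policy, network_list, local_lan=LOCAL_LAN):
    """Return 'tunnel', 'local-lan' or 'local-isp' for one destination.

    policy is one of the ASA split-tunnel-policy keywords:
      tunnelspecified   only networks in network_list are tunneled
      tunnelall         everything is tunneled
      excludespecified  everything except network_list is tunneled
    """
    addr = ipaddress.ip_address(dest)
    listed = any(addr in net for net in network_list)
    if policy == "tunnelall":
        tunneled = True
    elif policy == "tunnelspecified":
        tunneled = listed
    elif policy == "excludespecified":
        tunneled = not listed
    else:
        raise ValueError(f"unknown split-tunnel-policy: {policy}")
    if tunneled:
        return "tunnel"
    return "local-lan" if addr in local_lan else "local-isp"


def audit(policy, network_list):
    """Path taken by each representative destination under one policy."""
    return {name: path_for(ip, policy, network_list)
            for name, ip in SAMPLES.items()}


def overlapping(network_list, local_lan=LOCAL_LAN):
    """Listed networks that overlap the client's LAN and need review."""
    return [net for net in network_list if net.overlaps(local_lan)]


if __name__ == "__main__":
    for policy, nets in (("tunnelspecified", CORPORATE),
                         ("tunnelall", CORPORATE),
                         ("excludespecified", [LOCAL_LAN])):
        print(policy, audit(policy, nets))
```

In this model only tunnelspecified sends corporate traffic through the tunnel while LAN and internet traffic stay local; that untunneled traffic is also what bypasses any inspection done at the corporate end.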