brucehunter

asked on

Configuring Split tunnelling locally

I have a Sonicwall VPN client connected thru an ASA 5520 across the internet and terminating on a Sonicwall Firewall (VPN Server). I have no internet access thru the VPN so I need to enable split tunnelling. I cannot do this on the remote Sonicwall as it's not mine. Is there any way of intercepting HTTP traffic on the ASA before it hits the tunnel and sending it to my proxy server? I know that policy based routing is not available on ASA.

many thanks in advance

B
arnold

See if your Sonicwall VPN client has an option that sets the VPN IP as the default gateway.  If this is not an option in the sonicwall, the issue is with the VPN configuration on the Sonicwall side.

You could alternatively add a lower metric route when a VPN connection is present
route add 0.0.0.0 mask 0.0.0.0 LAN-IP metric 0

route print will tell you what your routing table is.
Post the routing table with public IPs replaced with X.x.x.x if the above is not enough
brucehunter (ASKER)

Ok, the problem is not with the VPN, it's working fine. The problem is that the company I'm connecting to across the VPN don't allow internet access from remote clients. I don't have access to the Sonicwall VPN server so I can't configure split tunnelling. I currently have to disconnect my VPN in order to access the internet. I thought maybe I could configure the ASA at my end in such a way as to send HTTP/HTTPS to my proxy server while the VPN is up, as opposed to across the VPN.
Apologies if my original post was a bit unclear.
ASKER CERTIFIED SOLUTION
arnold
This solution is only available to members.
As already told, the client has to be changed, ASA (and any other router) has no knowledge about the traffic contents as it is encrypted.

You can try if you could trick the client into ignoring SonicWall VPN settings by changing local routes (chances are fifty-fifty):
AFTER connected, set these two routes:
route add 0.0.0.0 mask 128.0.0.0 your.gateway.address.here
route add 128.0.0.0 mask 128.0.0.0 your.gateway.address.here

Some VPN clients check for existing routes, and remap all found if split-tunneling is not allowed. If above routes exist BEFORE connected, they might be remapped. If so, you have to delete them after disconnect or before connect, and recreate them while connected.
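
Why the two routes in the last answer take precedence over a default route installed by a VPN client, and how the same pattern shows up when a client's routing table is audited. This is an added example, not part of the thread: the addresses, gateways and metrics are constructed, and it models standard IP route selection (longest prefix first, then lowest metric).

```python
import ipaddress

# Constructed routing table (not from the thread): (destination, gateway, metric).
# 10.8.0.1 stands for the VPN tunnel gateway, 192.168.1.1 for the local LAN gateway.
ROUTES = [
    ("0.0.0.0/0", "10.8.0.1", 1),        # default route installed by the VPN client
    ("0.0.0.0/0", "192.168.1.1", 25),    # original LAN default route
    ("0.0.0.0/1", "192.168.1.1", 30),    # mask 128.0.0.0 routes from the answer
    ("128.0.0.0/1", "192.168.1.1", 30),
    ("10.0.0.0/8", "10.8.0.1", 1),       # remote network behind the tunnel
]

def lookup(routes, dst):
    """Return the gateway chosen for dst: longest prefix wins, metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(n), gw, m) for n, gw, m in routes
                  if addr in ipaddress.ip_network(n)]
    if not candidates:
        return None
    _, gw, _ = max(candidates, key=lambda c: (c[0].prefixlen, -c[2]))
    return gw

def tunnel_bypass_routes(routes, tunnel_gw):
    """Audit check: return the non-default routes pointing away from the tunnel
    if, taken together, they cover the whole IPv4 space; otherwise return []."""
    off_tunnel = [ipaddress.ip_network(n) for n, gw, _ in routes
                  if gw != tunnel_gw and ipaddress.ip_network(n).prefixlen > 0]
    collapsed = list(ipaddress.collapse_addresses(off_tunnel))
    if ipaddress.ip_network("0.0.0.0/0") in collapsed:
        return sorted(str(n) for n in off_tunnel)
    return []

if __name__ == "__main__":
    for dst in ("8.8.8.8", "200.1.1.1", "10.1.2.3"):
        print(dst, "->", lookup(ROUTES, dst))
    print("bypass routes:", tunnel_bypass_routes(ROUTES, "10.8.0.1"))
```

The /1 routes win even though their metric is worse than the tunnel's default route, because the metric is only compared between routes of equal prefix length; the more specific 10.0.0.0/8 route still sends the remote network through the tunnel.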