brucehunter asked:
Configuring Split tunnelling locally
I have a Sonicwall VPN client connected through an ASA 5520 across the internet and terminating on a Sonicwall Firewall (VPN Server). I have no internet access through the VPN, so I need to enable split tunnelling. I cannot do this on the remote Sonicwall as it's not mine. Is there any way of intercepting HTTP traffic on the ASA before it hits the tunnel and sending it to my proxy server? I know that policy-based routing is not available on the ASA.
many thanks in advance
B
ASKER
Ok, the problem is not with the VPN, it's working fine. The problem is that the company I'm connecting to across the VPN doesn't allow internet access from remote clients. I don't have access to the Sonicwall VPN server, so I can't configure split tunnelling. I currently have to disconnect my VPN in order to access the internet. I thought maybe I could configure the ASA at my end in such a way as to send HTTP/HTTPS to my proxy server while the VPN is up, as opposed to across the VPN.
Apologies, my original post was a bit unclear.
ASKER CERTIFIED SOLUTION
As already said, the client has to be changed; the ASA (and any other router) has no knowledge of the traffic contents, as it is encrypted.
You can try to trick the client into ignoring the SonicWall VPN settings by changing local routes (chances are fifty-fifty):
AFTER connecting, set these two routes:
route add 0.0.0.0 mask 128.0.0.0 your.gateway.address.here
route add 128.0.0.0 mask 128.0.0.0 your.gateway.address.here
Some VPN clients check for existing routes and remap all they find if split-tunneling is not allowed. If the above routes exist BEFORE connecting, they might be remapped. If so, you have to delete them after disconnecting or before connecting, and recreate them while connected.
You could alternatively add a lower-metric route when a VPN connection is present:
route add 0.0.0.0 mask 0.0.0.0 LAN-IP metric 0
route print will tell you what your routing table is.
Post the routing table with public IPs replaced with X.x.x.x if the above is not enough
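To see why the two /1 routes from the answer above, and the metric 0 default route from the follow-up, take over from the default route the VPN client pushes, here is an added example that is not from the thread: it simulates the host's route selection rule (longest prefix first, lowest metric on a tie) against a constructed routing table. The gateway addresses and the 10.50.0.0/16 corporate network are assumed values standing in for your.gateway.address.here and the remote site.

```python
import ipaddress

# Constructed routing table after the VPN client connects: the client pushes a
# 0.0.0.0/0 default over its virtual adapter, and the answer's two /1 routes
# are then added by hand, pointing at the local LAN gateway instead.
VPN_GATEWAY = "10.200.0.1"   # assumed: next hop on the VPN virtual adapter
LAN_GATEWAY = "192.168.1.1"  # assumed: stands in for your.gateway.address.here

def route(dest, mask, gateway, metric):
    """Build one entry in 'route add DEST mask MASK GATEWAY metric N' terms."""
    return {"network": ipaddress.IPv4Network((dest, mask)),
            "gateway": gateway, "metric": metric}

def select_route(table, destination):
    """Pick the next hop the way the host does: longest prefix wins, and the
    lowest metric breaks a tie between equally specific routes."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in table if addr in r["network"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["network"].prefixlen, r["metric"]))

def next_hop(table, destination):
    chosen = select_route(table, destination)
    return chosen["gateway"] if chosen else None

def tunnel_only_table():
    """Table with the VPN up and no override: everything, web browsing
    included, goes into the tunnel."""
    return [
        route("0.0.0.0", "0.0.0.0", VPN_GATEWAY, 1),           # pushed by the VPN client
        route("10.50.0.0", "255.255.0.0", VPN_GATEWAY, 1),     # assumed corporate network
        route("192.168.1.0", "255.255.255.0", "0.0.0.0", 25),  # on-link local LAN
    ]

def with_half_routes():
    """The answer's trick: two /1 routes are more specific than /0, so they
    win longest-prefix match for every Internet address."""
    return tunnel_only_table() + [
        route("0.0.0.0", "128.0.0.0", LAN_GATEWAY, 1),
        route("128.0.0.0", "128.0.0.0", LAN_GATEWAY, 1),
    ]

def with_metric_route():
    """The follow-up's alternative: same /0 prefix as the VPN default, so only
    the lower metric makes it win."""
    return tunnel_only_table() + [route("0.0.0.0", "0.0.0.0", LAN_GATEWAY, 0)]

if __name__ == "__main__":
    for name, table in [("tunnel only", tunnel_only_table()),
                        ("/1 routes", with_half_routes()),
                        ("metric 0", with_metric_route())]:
        print(name, "->", next_hop(table, "203.0.113.5"), next_hop(table, "10.50.3.7"))
```

In all three tables the corporate /16 and the on-link LAN /24 still beat the override routes, which is why only Internet-bound traffic leaves the tunnel.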