Solved

VPN Split Tunnel Cisco ASA

Posted on 2013-01-16
Last Modified: 2013-01-18
I have a production ASA which is configured for client VPN. The VPN works; however, when initiated I cannot see my local LAN or the internet. I enabled split tunneling through the GUI and was still unable to see my local network.

I have disabled split tunneling and attached a copy of the running config.  It is a bit confusing as there are some unsuccessful VPN attempts still in the config.
config.docx
Question by:dhuff2012
4 Comments
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38785966
Add the following to your config

access-list outside_access_in permit ip 10.11.12.0 255.255.255.0 10.1.1.0 255.255.255.224


See if it works. Make sure the firewall on the PC behind your PIX is configured to allow ICMP.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 38787302
Cisco ASA - Enable Split Tunnel for IPSEC / SSLVPN / WEBVPN Clients

Add

vpngroup sscadm1n2 split-tunnel RemoteVPN_splitTunnelAcl
access-list RemoteVPN_splitTunnelAcl permit ip 10.1.1.0 255.255.255.224 any


Should do you

Pete
0
 

Author Comment

by:dhuff2012
ID: 38788881
Hi Pete:

I put your commands in but they had to be put in reverse order.  I've attached the current config.  Is this what it should look like?  Also, what can I get rid of?
David
config2.docx
0
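An added example (not part of the thread and not either poster's code) for the ordering issue noted above: a small Python check that flags a `vpngroup ... split-tunnel` line referencing an access list that is not yet defined, and lists the source networks that access list sends through the tunnel. It assumes PIX 6.x-style syntax as posted and that the referenced access list must exist before the vpngroup line; `check_split_tunnel` and `SAMPLE_AS_POSTED` are hypothetical names.

```python
import ipaddress

# Constructed sample: the two lines from the answer above, in the order posted.
SAMPLE_AS_POSTED = """\
vpngroup sscadm1n2 split-tunnel RemoteVPN_splitTunnelAcl
access-list RemoteVPN_splitTunnelAcl permit ip 10.1.1.0 255.255.255.224 any
"""


def check_split_tunnel(config):
    """Return (findings, tunneled) for PIX 6.x-style config text (assumed syntax).

    findings: (line_no, message) for each split-tunnel reference to an access
              list that is missing or only defined on a later line.
    tunneled: ACL name -> list of source networks its permit lines cover.
    """
    defined_at = {}  # ACL name -> first line number where it is defined
    tunneled = {}
    refs = []        # (line_no, group, acl_name)
    for no, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[2] == "permit":
            name = tok[1]
            defined_at.setdefault(name, no)
            # tok[3] is the protocol; the source is "any", "host A" or "NET MASK"
            if tok[4] == "any":
                src = ipaddress.ip_network("0.0.0.0/0")
            elif tok[4] == "host":
                src = ipaddress.ip_network(tok[5] + "/32")
            else:
                src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            tunneled.setdefault(name, []).append(src)
        elif len(tok) == 4 and tok[0] == "vpngroup" and tok[2] == "split-tunnel":
            refs.append((no, tok[1], tok[3]))
    findings = []
    for no, group, acl in refs:
        if acl not in defined_at:
            findings.append((no, f"{group}: access list {acl} is never defined"))
        elif defined_at[acl] > no:
            findings.append(
                (no, f"{group}: access list {acl} is defined later, on line {defined_at[acl]}"))
    return findings, tunneled


if __name__ == "__main__":
    for line_no, message in check_split_tunnel(SAMPLE_AS_POSTED)[0]:
        print(f"line {line_no}: {message}")
```

Traffic to the listed networks goes through the tunnel; everything else leaves over the client's local connection, so a source of `any` (reported as 0.0.0.0/0) means nothing is actually split.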
 
LVL 18

Accepted Solution

by:fgasimzade (earned 500 total points)
ID: 38792826
You need to add the access list I suggested to allow traffic from outside to inside.
0


Question has a verified solution.
