Solved

VPN Split Tunnel Cisco ASA

Posted on 2013-01-16
4
496 Views
Last Modified: 2013-01-18
I have a production ASA which is configured for client vpn.  The VPN works; however, when initiated I cannot see my local lan or the internet.  I enabled split tunneling through the GUI and was still unable to see my local network.

I have disabled split tunneling and attached a copy of the running config.  It is a bit confusing as there are some unsuccessful VPN attempts still in the config.
config.docx
0
Comment
Question by:dhuff2012
  • 2
4 Comments
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38785966
Add the following to your config

access-list outside_access_in permit ip 10.11.12.0 255.255.255.0 10.1.1.0 255.255.255.224


See if it works. Make sure the firewall on PC behind your PIX is configured to allow ICMP.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 38787302
Cisco ASA - Enable Split Tunnel for IPSEC / SSLVPN / WEBVPN Clients

Add

vpngroup sscadm1n2 split-tunnel RemoteVPN_splitTunnelAcl
access-list RemoteVPN_splitTunnelAcl permit ip 10.1.1.0 255.255.255.224 any


Should do you

Pete
0
 

Author Comment

by:dhuff2012
ID: 38788881
Hi Pete:

I put your commands in but they had to be put in reverse order.  I've attached the current config.  Is this what it should look like?  Also, what can I get rid of?
David
config2.docx
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 500 total points
ID: 38792826
You need to add the access list I suggested to allow traffic from outside to inside
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to setup a Voice VLAN on a Cisco Meraki MS220-24 3 89
Gateway Resilience 4 49
Radius Debug Error 16 55
Cisco universal IOS upgrade from ipbase to ipservices 4 65
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now