Solved

Cisco ASA 5510

Posted on 2015-02-19
3
284 Views
Last Modified: 2015-03-17
Hi - I have Cisco ASA 5510 running ASA version 8.2(4) and I want to implement a simple split tunnel test for just one IP. The test is to be able to ping 4.2.2.2 when the Cisco AnyConnect tunnel is up and running. If I use my laptop and directly connect it to the ISP's wireless router, I am able to ping 4.2.2.2. The moment I use Cisco AnyConnect ver 3.1 the vpn tunnel is up and I'm not able to ping 4.2.2.2. ( there may be policies/Rule which are blocking it and I want it to stay like that). Instead, I want to implement Split-Tunneling

So, as a test I want to know what needs to be done so that Split-Tunnel allows ping to 4.2.2.2 even when the AnyConnect tunnel is up.

I have edited the 'Connection Profile' and created a new Group Policy called 'Test'. I then edited the new group policy 'Test' by going in to Advanced ->Split Tunneling:
->Policy ->Exclude Network List Below
->Network List: Test_ACL

The Test ACL has a single ACE entry under 'Standard ACL' tab, which is as follows:

Address: 4.2.2.2
Action: Permit
Description: Ping Test

But, the Ping still goes through the AnyConnect Tunnel and is Timed out, why ? even though Split-Tunneling is configured it doesn't go out on the physical interface instead it uses the virtual VPN interface and gets dropped.

Please can you let me know why this is happening and what can be done to resolve it.

Thx Adam
0
Comment
Question by:adam_kan2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 17

Assisted Solution

by:Spartan_1337
Spartan_1337 earned 500 total points
ID: 40619140
Did you uncheck Policy to inherit from the Split Tunnel network?

Check this guide and see if it doesn't help.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html
0
 

Accepted Solution

by:
adam_kan2000 earned 0 total points
ID: 40620107
The Policy to inherit is unchecked, and I have already gone through this document.

Thanks :)

Adam
0
 

Author Closing Comment

by:adam_kan2000
ID: 40670015
I have abandon this activity.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco VOIP Question 1 70
Extended ping 6 56
pfsense upgrade from 2.2.6 to 2.3.3 28 90
Cisco 2504 Wireless LAN Controller and Network Folder no showing computers 8 13
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question