Cisco ASA 5510
Posted on 2015-02-19
Hi, I have a Cisco ASA 5510 running ASA version 8.2(4), and I want to implement a simple split-tunnel test for just one IP. The test is to be able to ping 184.108.40.206 when the Cisco AnyConnect tunnel is up and running. If I use my laptop and connect it directly to the ISP's wireless router, I am able to ping 220.127.116.11. The moment I use Cisco AnyConnect ver 3.1, the VPN tunnel is up and I'm not able to ping 18.104.22.168 (there may be policies/rules which are blocking it, and I want it to stay like that). Instead, I want to implement split tunneling.
So, as a test, I want to know what needs to be done so that split tunneling allows a ping to 22.214.171.124 even when the AnyConnect tunnel is up.
I have edited the 'Connection Profile' and created a new Group Policy called 'Test'. I then edited the new group policy 'Test' by going into Advanced -> Split Tunneling:
->Policy ->Exclude Network List Below
->Network List: Test_ACL
The Test ACL has a single ACE entry under the 'Standard ACL' tab, which is as follows:
Description: Ping Test
But the ping still goes through the AnyConnect tunnel and times out. Why? Even though split tunneling is configured, it doesn't go out on the physical interface; instead it uses the virtual VPN interface and gets dropped.
Please can you let me know why this is happening and what can be done to resolve it?
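For reference, the ASDM steps described in the post (group policy 'Test', policy 'Exclude Network List Below', network list 'Test_ACL' with a single standard ACE) correspond to the following ASA CLI configuration. This is an added illustration, not the poster's running config: the host address 203.0.113.10 is a documentation placeholder for the IP being pinged, and the tunnel-group name MyAnyConnect is assumed. The show commands at the end are what a practitioner would run on the ASA to confirm which group policy and split-tunnel list the AnyConnect session actually received, which is the first thing to check when excluded traffic still enters the tunnel.

```cisco
! Standard ACL listing the single host to EXCLUDE from the tunnel
! (203.0.113.10 is a placeholder; substitute the real destination)
access-list Test_ACL standard permit host 203.0.113.10

! Group policy equivalent of Advanced -> Split Tunneling in ASDM
group-policy Test internal
group-policy Test attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Test_ACL

! The connection profile (tunnel-group) must hand out this group policy;
! MyAnyConnect is an assumed tunnel-group name
tunnel-group MyAnyConnect general-attributes
 default-group-policy Test

! Verification: what is configured on the ASA
show running-config access-list Test_ACL
show running-config group-policy Test
show running-config tunnel-group MyAnyConnect

! Verification: which group policy and tunnel-group the live session got
show vpn-sessiondb detail anyconnect
```

When the session detail output shows a different group policy than 'Test' (for example a user-level policy or the default policy assigned through another tunnel-group), the exclude list is never pushed to the client, regardless of what the ASDM dialog shows.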