Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 326
  • Last Modified:

Cisco ASA 5510

Hi - I have Cisco ASA 5510 running ASA version 8.2(4) and I want to implement a simple split tunnel test for just one IP. The test is to be able to ping 4.2.2.2 when the Cisco AnyConnect tunnel is up and running. If I use my laptop and directly connect it to the ISP's wireless router, I am able to ping 4.2.2.2. The moment I use Cisco AnyConnect ver 3.1 the vpn tunnel is up and I'm not able to ping 4.2.2.2. ( there may be policies/Rule which are blocking it and I want it to stay like that). Instead, I want to implement Split-Tunneling

So, as a test I want to know what needs to be done so that Split-Tunnel allows ping to 4.2.2.2 even when the AnyConnect tunnel is up.

I have edited the 'Connection Profile' and created a new Group Policy called 'Test'. I then edited the new group policy 'Test' by going in to Advanced ->Split Tunneling:
->Policy ->Exclude Network List Below
->Network List: Test_ACL

The Test ACL has a single ACE entry under 'Standard ACL' tab, which is as follows:

Address: 4.2.2.2
Action: Permit
Description: Ping Test

But, the Ping still goes through the AnyConnect Tunnel and is Timed out, why ? even though Split-Tunneling is configured it doesn't go out on the physical interface instead it uses the virtual VPN interface and gets dropped.

Please can you let me know why this is happening and what can be done to resolve it.

Thx Adam
0
adam_kan2000
Asked:
adam_kan2000
  • 2
2 Solutions
 
James HIT DirectorCommented:
Did you uncheck Policy to inherit from the Split Tunnel network?

Check this guide and see if it doesn't help.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html
0
 
adam_kan2000Author Commented:
The Policy to inherit is unchecked, and I have already gone through this document.

Thanks :)

Adam
0
 
adam_kan2000Author Commented:
I have abandon this activity.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now