Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1194
Views
0
Helpful
2
Replies

ASA split tunnel

Pawan Raut
Level 4
Level 4

‎08-20-2019 05:58 PM

Hi I want to do split tunnel in anyconnect vpn. All traffic should go via tunnel except zoom meeting and it should go via local internet 

Labels:
0 Helpful
2 Replies 2

Afolarin Omole
Level 1
Level 1

‎08-21-2019 03:15 AM

@Pawan Raut 

I think you are doint the same traditional split tunelling where RA users can access corporate network and internet. This involves the below stage ,

  • defining your ACL
  • associating the ACL with tunnel group policy

Please remember the ACL should specify the traffic to be protected . Please follow this link :

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70847-local-lan-pix-asa.html#anc8

 

NOTE : you can either excludespecified or tunnelspecified

 

Please rank this post .

0 Helpful

mkazam001
Level 3
Level 3

‎08-28-2019 09:17 AM

Here is the config:

This will encrypt traffic & send over vpn to that destinsation, everything else will be routed locally.

In your scenario, you could try try permit any over the tunnel & deny the zoom meeting IP addresses - not sure if that would work but might be worth a try.

Regards, mk

 

access-list split-tunnel standard permit 192.168.1.0 255.255.255.0
group-policy TELECOMM attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card