ASA 5520 Version 8.2(1) Split tunnel enable Process

Hi,

We have configured a Cisco ASA 5520 firewall as a remote VPN. Remote VPN user connected properly but VPN user disconnected from internet. So we need to configure split tunnel. Please help us how to configure split tunnel and required parameters/field. Thanks...

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

The setup is usually pretty easy.

First you should create a Standard ACL that defines the networks which are found behind the VPN connection from the user's perspective. In other words, the networks that need to be tunneled.

For example, if your LAN network was 10.0.0.0/24:

access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0

Then you would need to configure some additional things in your VPN client connection's "group-policy".

For example:

group-policy CLIENT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

The above would essentially handle the Split Tunnel portion of the configurations. The "split-tunnel-policy" command specifies how the network selection for the VPN is handled. It might as well be configured to specify Full Tunnel or to simply Exclude some networks. The "split-tunnel-network-list value" command tells the ASA the networks used in the Split Tunnel (the ACL we created).

Hope this helps

- Jouni
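
An added example, not part of the original thread: the Python below reads the ACL and group-policy lines from the answer above and reports whether a VPN client would send a given destination through the tunnel or directly to the internet under each split-tunnel-policy mode (tunnelall, tunnelspecified, excludespecified). The function names and the sample config are constructed for illustration; it reads only standard-ACL permit entries and assumes a group-policy with no mode set uses tunnelall.

```python
import ipaddress
import re

# Constructed sample: the ACL and group-policy lines from the answer above.
SAMPLE_CONFIG = """\
access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0
group-policy CLIENT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
"""
ACL_RE = re.compile(r"^access-list (\S+) standard permit (.+)$")


def parse_config(text):
    """Return (acls, policies) from ASA config text; only permit entries are read."""
    acls, policies, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:  # forms handled: "any", "host A.B.C.D", "A.B.C.D MASK"
            net = "0.0.0.0/0" if m[2] == "any" else m[2].replace("host ", "").replace(" ", "/")
            acls.setdefault(m[1], []).append(ipaddress.ip_network(net, strict=False))
        elif line.startswith("group-policy ") and line.endswith(" attributes"):
            # Assumption: an unset mode means tunnelall (default group policy unchanged).
            current = policies.setdefault(line.split()[1], {"mode": "tunnelall", "acl": None})
        elif current is not None and line.startswith("split-tunnel-policy "):
            current["mode"] = line.split()[1]
        elif current is not None and line.startswith("split-tunnel-network-list value "):
            current["acl"] = line.split()[2]
        elif line and not raw.startswith(" "):
            current = None  # any other top-level command ends the block
    return acls, policies


def path_for(dest, group, acls, policies):
    """Return 'tunnel' or 'direct' for a destination IP under a group-policy."""
    pol = policies[group]
    listed = any(ipaddress.ip_address(dest) in n for n in acls.get(pol["acl"], []))
    if pol["mode"] == "tunnelspecified":
        return "tunnel" if listed else "direct"
    if pol["mode"] == "excludespecified":
        return "direct" if listed else "tunnel"
    return "tunnel"  # tunnelall: everything goes through the VPN


def audit(acls, policies):
    """List group-policies whose split-tunnel mode has no usable network list."""
    return [f"{g}: {p['mode']} but network list is missing or empty"
            for g, p in policies.items()
            if p["mode"] != "tunnelall" and not acls.get(p["acl"])]
```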

Hi Jouni,

Thanks for your help. Now the split tunnel is working...
