ASA Split -Tunnels

ftikphillips · ‎08-30-2006

I am doing a demo of the ASA and am having an issue with the split tunnel.

When a user connects via SSL and get the full tunnel client over SSL the user is not able to connect to anything on their local LAN. When bringing up the status box it says Local LAN: Disabled. I have gone through the docs and it appears that I have two options: 1) To allow local LAN access I have to tunnel ALL traffic including Internet traffic over the tunnel. 2) The other option is to only tunnel traffic over the tunnel to protected networks which lets the Internet traffic go out the local network, but the user can't reach anything on their local subnet. So if I were at home and had split tunnel configured to tunnel only protected traffic I wouldn't be able to communicate with other nodes on my local network which wouldn't work for users that have printers at home shared.

Thanks

b.speltz · ‎09-05-2006

Configure the ASA via the Adaptive Security Device Manager (ASDM) or Configure the ASA via the CLI .Refer the following URL

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml#maintask1

ftikphillips · ‎09-05-2006

The problem with this scenario is that it tunnels all traffic, including Internet traffic, over the tunnel when I want the Internet traffic to go out the local connection. So if you were sitting at home, you could access your work network over the tunnel, Internet via your home network, and still access your local LAN resources. This configuration only allows local LAN access by tunneling all other traffic over the tunnel.