05-20-2009 06:26 PM - edited 03-11-2019 08:34 AM
Hi Expert,
I have a requirement which asks for tunneling all traffic from the VPN client except for 3 public IP addresses. The client VPN terminates on an ASA 5510, version 7.2(4).
The configuration I tried is below:
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.210
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 202.3.10.222
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 host 203.2.190.222
group-policy BartterPolicy attributes
wins-server value 10.1.0.63 10.3.0.1
dns-server value 10.1.0.63 10.3.0.1
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value exclude_1
But from the stats - route details, it still shows 0.0.0.0 in the secure routes, which means tunnel all traffic.
Any idea why this is happening? Thanks in advance.
05-21-2009 03:35 AM
What version of code are you running?
Try a different approach:
split-tunnel-policy tunnelspecified
split-tunnel-network-list value exclude_1
access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.210
access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 202.3.10.222
access-list exclude_1 extended deny ip 10.24.30.0 255.255.255.0 host 203.2.190.222
access-list exclude_1 extended permit ip 10.24.30.0 255.255.255.0 any
HTH
05-21-2009 07:34 PM
No luck. With this, all internal access is not working, but Internet access works with any restriction.
05-21-2009 10:34 PM
Post the relevant config for review.
06-04-2009 11:07 AM
The checkbox on the client for allow local LAN needs to be checked.
06-09-2009 12:29 PM
Under the split tunneling access list, try adding the IP of the gateway on the remote client side.
Also enable split DNS.
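Added example, not from any poster in this thread: the requirement "tunnel everything except three hosts" written out as an explicit include list, by subtracting the three addresses from 0.0.0.0/0. The function names and the ACL name `tunnel_all_but_3` are hypothetical, and it assumes the resulting list would be read as the destination networks to tunnel under `tunnelspecified`; the thread does not establish how 7.2(4) or the client handles a list of this length.

```python
import ipaddress

# The three public hosts from the original post that must bypass the tunnel.
EXCLUDED_HOSTS = ["202.3.10.210", "202.3.10.222", "203.2.190.222"]


def tunneled_networks(excluded, universe="0.0.0.0/0"):
    """Return the CIDR blocks covering `universe` minus every excluded host."""
    nets = [ipaddress.ip_network(universe)]
    for host in excluded:
        target = ipaddress.ip_network(f"{host}/32")
        remaining = []
        for net in nets:
            if target.subnet_of(net):
                # Split `net` into the sibling blocks that do not contain target.
                remaining.extend(net.address_exclude(target))
            else:
                remaining.append(net)
        nets = remaining
    return sorted(nets)


def is_tunneled(address, nets):
    """True if `address` falls inside any block of the include list."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in nets)


def as_acl_lines(nets, name="tunnel_all_but_3"):
    """Render the blocks as standard ACL entries (ACL name is hypothetical)."""
    return [
        f"access-list {name} standard permit {n.network_address} {n.netmask}"
        for n in nets
    ]


if __name__ == "__main__":
    nets = tunneled_networks(EXCLUDED_HOSTS)
    print(f"{len(nets)} networks cover everything except the excluded hosts")
    for line in as_acl_lines(nets):
        print(line)
    # Spot-check: excluded hosts stay outside, their neighbours stay inside.
    for addr in EXCLUDED_HOSTS + ["202.3.10.211", "10.1.0.63"]:
        print(addr, "tunneled" if is_tunneled(addr, nets) else "bypasses tunnel")
```

Comparing the generated list with the secure routes shown in the client's route details is a direct way to confirm which policy the client actually received.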