Re: VPN routing

MarkMark58076 · ‎08-09-2019

Hello All.

I have an ASA 5506 and i have 2 problems with my VPN.

1- when i make a split tunnel it works and i get access to the internet but i can't access my local network.

2- if im not using a split tunnel i can access my local network except one Subnet For example:

Servers Subnet:172.16.11.0/24

CCTV Subnet:172.16.18.0/24

i can access the Servers Subnet but i can't do the same with CCTV Subnet.

Can anyone help me with this??

Thanks in advance.

rishrapsody1 · ‎08-09-2019

Can you please share the config of your ASA

Alan Ng'ethe · ‎08-10-2019

Create a split tunnel that includes only the networks you wish to access. The access list referenced by the split tunnel command should encompass both subnets 172.16.11.0/24 and 172.16.18.0/24. Ensure the subnets are reachable from the ASA.

ciscoasa(config)#access-list Split_Tunnel_List remark The corporate network behind the ASA.
ciscoasa(config)#access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0

ciscoasa(config)#group-policy hillvalleyvpn attributes
ciscoasa(config-group-policy)#

ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified

ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List

ciscoasa(config-tunnel-ipsec)# default-group-policy hillvalleyvpn general-attributes

ciscoasa(config-tunnel-ipsec)# default-group-policy hillvalleyvpn

ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.