08-28-2012 12:10 PM - edited 02-21-2020 06:18 PM
This should be a simple problem to resolve but I can't seem to find an answer. How do I configure the ASA5510 to allow VPN clients to have access to the Internet while they are connected via AnyConnect?
Thanks in advance.
Ed
08-28-2012 01:24 PM
You need split-tunneling:
group-policy VPN attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-SPLIT
where VPN-SPLIT is a standard ACL with your internal networks that your VPN-clients should reach through the tunnel. Everything not in that list is allowed in clear by the client.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-28-2012 02:16 PM
Thank you for your quick response. I'll give it a try.
12-25-2012 11:04 PM
Dear Friend,
i did the configuration but still not working.
I will appreciate your reply.
Regards
saeed ullah
12-26-2012 11:05 AM
If you've done exactly what karsten said, everything should work fine.
12-26-2012 05:01 PM
Hello Saeed,
Share the configuration ( With the changes you have done so we can help as the solution was given by Karsten then we will need to check what is wrong with the config you have there)
Julio Carvajal S
12-27-2012 10:38 AM
split tunnel configuration is not enough on its own.
You should also configure the corresponding nat exempt rule.
In addition, make sure that the subnet you entered in split tunneling, shows up at the routes tab in anyconnect client details.
Post your config so I can advise.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: