05-23-2016 07:19 AM
Hi Guys,
Looking to configure the split-tunnel for AnyConnect VPN.
I need to configure the access-list as: access-list name standard deny host 0.0.0.0 in ASA 9.4(1)
While giving this command, it shows invalid IP address, but after giving this command, if I give a question mark, it shows cr.
05-23-2016 08:30 AM
Hi,
May I know what the exact requirement is for configuring this deny statement?
Regards,
Aditya
Please rate helpful posts and mark correct answers.
05-23-2016 10:18 AM
Hi Aditya,
This is in regard to denying the LAN traffic. Let me explain from the beginning.
A remote user (extranet) is accessing the internal (organization) resources through Cisco AnyConnect VPN.
After connecting to the VPN, I want to encrypt only the user's Internet traffic and intranet traffic, not his LAN traffic. LAN traffic means the same user is taking the RDP of another user. For example, the user is connecting from their home, so that the user can take an RDP of another user as well as connect to the VPN.
Regards,
G.Pitchaimani
05-23-2016 07:12 PM
Hi,
You can
Check the following link for more info:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70847-local-lan-pix-asa.html
Regards,
Aditya
05-23-2016 09:41 PM
Hi,
We are using the ASA 5585 with version 9.4(1); here we are not able to deploy the access-list as: access-list access_name standard deny/permit host 0.0.0.0
Regards,
G.Pitchaimani
05-23-2016 09:57 PM
Hi,
I was able to do that at my end.
May I know what error you get while doing so?
Also, could you share the config snippet for the group-policy?
Regards,
Aditya
05-24-2016 01:22 AM
Hi,
I am not able to deploy the access-list with the deny host 0.0.0.0
access-list access_list_name standard deny host 0.0.0.0
group-policy group_policy_name attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value access_list_name
Regards,
G.Pitchaimani
05-24-2016 05:53 AM
05-24-2016 06:34 AM
Hi,
You are hitting this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuu48626/?reffering_site=dumpcr
You can use the workaround mentioned in the bug.
Regards,
Aditya
05-24-2016 11:13 PM
Hi,
We have tried with host 0.0.0.0 or host ::, and it is not working. We also tried adding an object network, and that is also not working.
Regards,
G.Pitchaimani
05-24-2016 11:28 PM
Hi,
In that case please upgrade to the recommended version and check.
Regards,
Aditya
05-25-2016 12:20 AM
Hi,
We are using OS version 9.4.1.
Regards,
G.Pitchaimani
05-25-2016 12:34 AM
Hi,
Recommended version is 9.4.2.
Regards,
Aditya
05-25-2016 12:51 AM