Full Tunnel vs Split Tunnel

Christine_Lane
Level 1

This may seem like a simple question but it is one which I cannot find in any of the documentation.

I have a client with multiple IPSEC L2L VPNs head-ended on an ASA 5512.

According to the client some of these VPNs are split tunnel and some are full tunnel (i.e. traffic from the remote site has to traverse the VPN in order to gain access to the Internet). This requirement is due to DoD auditing requirements.

Looking at the VPN configs I cannot determine what makes a VPN "full tunnel" vs "split tunnel". I can see the parameters in remote access VPNs but not for L2L.

Can someone point out what I am not seeing?

Thanks.

1 Accepted Solution

Philip D'Ath
VIP Alumni

Look for "split-tunnel-policy xxx". If it says "tunnelspecified" then it is using a split tunnel, which is specified by "split-tunnel-network-list value xxx".

2 Replies

Abaji Rawool
Level 3

Hi,

If these are IPSEC-L2L VPNs you need to check the crypto map ACLs for all the peers. The peers with full tunnel will have an ACL with source as Any and destination as remote network.

HTH,

Abaji.
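
The crypto map ACL check described in the reply above, automated over a saved running-config. This is an added example, not code from the thread or from Cisco. The sample config, its ACL and map names, and the function name `classify_l2l_tunnels` are constructed for illustration, and it assumes crypto ACL entries are written as `permit ip` with a literal `any`/`any4`/`any6` source.

```python
import re

# Constructed sample of an ASA running-config; ACL names, map name and
# addresses are hypothetical (documentation ranges), not from the thread.
SAMPLE_CONFIG = """\
access-list VPN_SITE_A extended permit ip 10.1.0.0 255.255.0.0 10.10.0.0 255.255.255.0
access-list VPN_SITE_B extended permit ip any 10.20.0.0 255.255.255.0
access-list VPN_SITE_C extended permit ip 10.1.0.0 255.255.0.0 10.30.0.0 255.255.255.0
access-list VPN_SITE_C extended permit ip any4 10.30.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_SITE_A
crypto map OUTSIDE_MAP 10 set peer 198.51.100.10
crypto map OUTSIDE_MAP 20 match address VPN_SITE_B
crypto map OUTSIDE_MAP 20 set peer 198.51.100.20
crypto map OUTSIDE_MAP 30 match address VPN_SITE_C
crypto map OUTSIDE_MAP 30 set peer 198.51.100.30
crypto map OUTSIDE_MAP interface outside
"""

ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+)")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (.+)$")
ANY_SOURCES = {"any", "any4", "any6"}

def classify_l2l_tunnels(config_text):
    """Return {peer_ip: 'full' | 'split' | 'unknown'} per crypto map entry."""
    acl_sources = {}  # ACL name -> first source token of each permit ip line
    entries = {}      # (map name, sequence) -> matched ACL and peer list
    for line in config_text.splitlines():
        line = line.strip()
        ace = ACE_RE.match(line)
        if ace:
            acl_sources.setdefault(ace.group(1), set()).add(ace.group(2))
            continue
        cm = MAP_RE.match(line)
        if cm:
            entry = entries.setdefault((cm.group(1), cm.group(2)),
                                       {"acl": None, "peers": []})
            if cm.group(3) == "match address":
                entry["acl"] = cm.group(4).strip()
            else:
                entry["peers"] += cm.group(4).split()
    result = {}
    for entry in entries.values():
        sources = acl_sources.get(entry["acl"])
        if not sources:
            verdict = "unknown"  # ACL absent, or it has no permit ip lines
        else:
            # Any entry with source "any" makes the peer full tunnel.
            verdict = "full" if sources & ANY_SOURCES else "split"
        for peer in entry["peers"]:
            result[peer] = verdict
    return result
```

Peers reported as `unknown` reference an ACL the script could not find, and sources given as `object` or `object-group` are not expanded, so both need a manual look.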
