06-04-2016 09:34 PM
This may seem like a simple question but it is one which I cannot find in any of the documentation.
I have a client with multiple IPSEC L2L VPNs head-ended on an ASA 5512.
According to the client some of these VPNs are split tunnel and some are full tunnel (i.e. traffic from the remote site has to traverse the VPN in order to gain access to the Internet). This requirement is due to DoD auditing requirements.
Looking at the VPN configs I cannot determine what makes a VPN "full tunnel" vs "split tunnel". I can see the parameters in remote access VPNs but not for L2L.
Can someone point out what I am not seeing?
Thanks.
Accepted Solutions
06-04-2016 11:39 PM
Look for "split-tunnel-policy xxx". If it says "tunnelspecified" then it is using a split tunnel, which is specified by "split-tunnel-network-list value xxx".
06-05-2016 10:45 PM
Hi,
If these are IPSEC-L2L VPNs you need to check the crypto map ACLs for all the peers. The peers with full tunnel will have an ACL with source as Any and destination as remote network.
HTH,
Abaji.
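
The crypto map ACL check described in the reply above, as an added example that is not part of the original thread: a small Python audit that reads ASA running-config text and labels each L2L peer as full or split tunnel by whether its crypto ACL has a source of any. The sample config, ACL names, map name and peer addresses are constructed, and the parser assumes ACEs written with literal sources (`any`, `any4`, `0.0.0.0 0.0.0.0` or a network and mask), not object-groups.

```python
import re

# Constructed sample of ASA running-config lines (not taken from the thread).
SAMPLE_CONFIG = """\
access-list VPN_SITE_A extended permit ip any 10.10.1.0 255.255.255.0
access-list VPN_SITE_B extended permit ip 192.168.50.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list VPN_SITE_C extended permit ip 0.0.0.0 0.0.0.0 10.10.3.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_SITE_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 match address VPN_SITE_B
crypto map OUTSIDE_MAP 20 set peer 203.0.113.20
crypto map OUTSIDE_MAP 30 match address VPN_SITE_C
crypto map OUTSIDE_MAP 30 set peer 203.0.113.30
"""

ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")
MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
# Source forms treated as "any" (assumption: literal sources, no object-groups).
ANY_SOURCES = ("any ", "any4 ", "0.0.0.0 0.0.0.0 ")


def classify_l2l_tunnels(config: str) -> dict:
    """Map each crypto map peer to 'full', 'split' or 'unknown' by ACL source."""
    acl_any = {}                      # ACL name -> True if a permit ACE has source any
    entry_acl, entry_peers = {}, {}   # keyed by (map name, sequence number)
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACE_RE.match(line):
            is_any = (m.group(2) + " ").startswith(ANY_SOURCES)
            acl_any[m.group(1)] = acl_any.get(m.group(1), False) or is_any
        elif m := MATCH_RE.match(line):
            entry_acl[(m.group(1), m.group(2))] = m.group(3)
        elif m := PEER_RE.match(line):
            entry_peers[(m.group(1), m.group(2))] = m.group(3).split()
    result = {}
    for key, acl in entry_acl.items():
        if acl not in acl_any:
            kind = "unknown"          # ACL not found in the text that was parsed
        else:
            kind = "full" if acl_any[acl] else "split"
        for peer in entry_peers.get(key, []):
            result[peer] = kind
    return result


if __name__ == "__main__":
    for peer, kind in classify_l2l_tunnels(SAMPLE_CONFIG).items():
        print(f"{peer}: {kind} tunnel")
```
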
