05-07-2023 09:02 PM
Hi Team,
We have an AnyConnect remote access solution on an ASA headend with Split tunneling enabled.
We've got tunnelspecified enabled with RFC 1918 permitted over AnyConnect. How do I go about enabling local LAN access?
Configuration snippet:
Group-policy:
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel-value
access-list split-tunnel-value standard permit 10.0.0.0 255.0.0.0
access-list split-tunnel-value standard permit 172.16.0.0 255.240.0.0
access-list split-tunnel-value standard permit 192.168.0.0 255.255.0.0
05-07-2023 09:14 PM
Hello
You mean a user connected to the VPN should be able to use the local network?
You need to deny the local network on the tunnel.
05-07-2023 09:22 PM
We've got thousands of AnyConnect users in the environment. It's not possible to deny each and every local network. Any one of them would want to access their local LAN. I still need RFC 1918 sent over tunnel and still be able to access Local LAN. Any thoughts?
05-07-2023 10:12 PM - edited 05-07-2023 10:13 PM
"It's not possible to deny each and every local network. Any one of them would want to access their local LAN. "
That's the whole idea of split tunnel. If you cannot do that you actually don't need split tunnel, just send a default router to the user through the vpn and done.
If you use split tunnel this means you want/can split the traffic.
05-07-2023 10:06 PM
Friend, you use split tunnel, so any traffic that does not match the split list does not pass through the tunnel; this includes local.
What exactly do you face?
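An added example, not written by any poster in this thread: a short Python check of which client-side LAN subnets fall inside the split-tunnel list from the question, which is where the conflict with local LAN access comes from. The sample LAN subnets are constructed, and treating a deny entry as "stays local" is an assumption taken from the reply above.

```python
import ipaddress

# ACL lines copied from the question's configuration snippet.
ACL = """\
access-list split-tunnel-value standard permit 10.0.0.0 255.0.0.0
access-list split-tunnel-value standard permit 172.16.0.0 255.240.0.0
access-list split-tunnel-value standard permit 192.168.0.0 255.255.0.0
"""

def parse_standard_acl(text, name):
    """Return ordered (action, network) entries for one ASA standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[:3] != ["access-list", name, "standard"]:
            continue
        action, spec = tok[3], tok[4:]
        if spec[0] in ("any", "any4"):
            net = ipaddress.ip_network("0.0.0.0/0")
        elif spec[0] == "host":
            net = ipaddress.ip_network(spec[1] + "/32")
        else:  # "<address> <netmask>" form, as used in the question
            net = ipaddress.ip_network(f"{spec[0]}/{spec[1]}")
        entries.append((action, net))
    return entries

def classify_lan(entries, lan):
    """First-match classification of a client's local subnet against the list."""
    lan = ipaddress.ip_network(lan)
    for action, net in entries:
        if lan.subnet_of(net):
            # Assumption: a deny entry keeps the subnet off the tunnel.
            return "tunneled" if action == "permit" else "local"
        if lan.overlaps(net):
            return "partial"  # the entry covers only part of this LAN
    return "local"  # no match: traffic does not enter the tunnel

def report(lans):
    entries = parse_standard_acl(ACL, "split-tunnel-value")
    return {lan: classify_lan(entries, lan) for lan in lans}

if __name__ == "__main__":
    # Constructed sample client LANs, not taken from the thread.
    samples = ["192.168.1.0/24", "10.0.0.0/24", "172.20.10.0/28", "100.64.0.0/24"]
    for lan, verdict in report(samples).items():
        print(f"{lan:18} {verdict}")
```

Any client LAN numbered out of RFC 1918 space is reported as tunneled, because the list permits all three private ranges.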