Re: question: split tunnel policy

WStoffel1 · ‎06-06-2013

what is the point of this?

split-tunnel-policy tunnelspecified

split-tunnel-network-list none

Jatin Katyal · ‎06-06-2013

split-tunnel-policy tunnelspecified ---> Specify the split tunnel policy. In this case the policy is tunnelspecified.

split-tunnel-network-list none

When there are no split tunneling network lists, users inherit any network lists that exist in the default or specified group policy. To prevent users from inheriting such network lists, use the split-tunnel-network-list none command.

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/s8.html

Jatin Katyal
- Do rate helpful posts -

~Jatin

WStoffel1 · ‎06-06-2013

Well if the default group policy is

split-tunnel-policy tunnelall

split-tunnel-network-list none

And this policy is set to

group-policy MAC internal

group-policy MAC attributes

wins-server value 172.16.11.220

dns-server value 172.16.11.228

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list none

default-domain value acdc.com

user-authentication disable

isnt the net result for MAC the same as

split-tunnel-policy tunnelall?

WStoffel1 · ‎06-07-2013

Also ASDM doesnt seem to match when i change the above to

group-policy MAC attributes

wins-server value 172.16.11.220

dns-server value 172.16.11.228

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value 105

Asdm still shows none? Yes it was refreshed. It was closed and opened as well. I would expect my network list to include 105.