Showing results for 
Search instead for 
Did you mean: 

Site to Site VPN - Internet access from branch office for a group of people in the office

Hi guys,

Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.

My question is: I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office.  The rest of the remote users will be still accessing the internet through VPN.

Is there any way i can achieve this scenario?

Thank you.

2 Replies 2

Andrew Phirsov
Rising star
Rising star

You have to:

1. create group-policy with split-tunnel acl, specifying wich traffic shold go throug the tunnel, and wich should go directly to the internet.

2. apply this group policy directly to users, for wich you want direct internet access:

username userX attributes

vpn-group-policy SPLIT_GP

Or just create for that users another connection profile (tunnel-group) and apply group-policy with split-acl to that connection profile.

Dear Andrew,

Thanks for your prompt response, could you please give me some helpful hyperlinks regarding your suggestion?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers