Split Tunnel issue

sgrg07
Level 1

Hi, 

On our SSL AnyConnect client VPN setup we have a split tunnel configured to route all traffic for the corporate network over the VPN and all other traffic over the local internet gateway.

I added a URL's public IP address to the split tunnel with a view to routing traffic to the URL over the VPN instead of breaking out locally.

However, this is not working.

Packet captures on the FW only show TCP SYN and Retransmission to the IP of the .

Am I missing something? Is there a feature I need to enable?
Any help will be highly appreciated.

 

Kind Regards,

 

Accepted Solutions

Hi,

In order for the remote access VPN users to access this public IP address through the VPN tunnel, you will also need to configure the command same-security-traffic permit intra-interface to allow the traffic to hairpin and route the traffic out the same interface it came in on. And a NAT rule (source and destination interfaces are both outside, or whatever you've called your interface), e.g.:

 

object network RAVPN_USERS
 subnet 192.168.10.0 255.255.255.0
 nat (outside,outside) dynamic interface

 

HTH
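
Added example, not part of the original replies: the three pieces the thread relies on (the split-tunnel entry, the hairpin permit and the outside-to-outside PAT) collected in one ASA configuration, followed by show commands to confirm the flow is being translated. The names SPLIT_TUNNEL_ACL and RAVPN_GP and the address 203.0.113.10 are placeholders; the pool subnet is the one from the answer above.

```text
! Constructed example: SPLIT_TUNNEL_ACL, RAVPN_GP and 203.0.113.10 are
! placeholders, not values from the thread.
!
! 1. Split tunnel: include the public destination so the client sends
!    it through the VPN instead of breaking out locally.
access-list SPLIT_TUNNEL_ACL standard permit host 203.0.113.10
group-policy RAVPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
!
! 2. Hairpin: allow traffic to enter and leave the same interface.
!    This setting is global. It also permits VPN client-to-client
!    traffic through the firewall, so apply a vpn-filter ACL in the
!    group policy if that is not wanted.
same-security-traffic permit intra-interface
!
! 3. PAT the VPN pool to the outside interface address when it goes
!    back out to the internet. Without this the flow leaves with a
!    private source address and replies never return, which matches
!    a capture showing only SYN and retransmissions.
object network RAVPN_USERS
 subnet 192.168.10.0 255.255.255.0
 nat (outside,outside) dynamic interface
!
! Verification, from privileged EXEC while a client retries the
! connection:
show running-config same-security-traffic
show nat detail
show xlate
show conn address 203.0.113.10
```

A rising hit count on the (outside,outside) rule in show nat detail, together with a connection entry for the destination, indicates the hairpin and translation are both in effect.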

Hi RJI,
Thanks for the quick response, much appreciated. That did the trick for me :)
Wish you a good rest of the day.
Kind Regards,