Split tunnel question

Jay Cambell
Level 1

How do I set up split tunnel so that the user is pulling internet locally and not from the AnyConnect client?

3 Replies

Philip D'Ath
VIP Alumni

I am going to assume you are using an ASA.

First create an access list stating what resources are internal.

access-list vpn-access standard permit 192.168.0.0 255.255.0.0 

And then add it to your VPN policy.

group-policy xxx attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-access
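
The routing decision this configuration produces on the client, as an added example that is not part of the original reply: with `tunnelspecified`, only destinations matching the split-tunnel ACL go through the VPN, and everything else leaves over the user's local internet connection. The `host 10.1.1.10` entry and the destination addresses are constructed for illustration.

```python
import ipaddress

# ACL text from the reply above; the second entry is a constructed addition
# to show the "host" form of a standard ACL.
ACL_TEXT = """\
access-list vpn-access standard permit 192.168.0.0 255.255.0.0
access-list vpn-access standard permit host 10.1.1.10
"""

def parse_standard_acl(text, name):
    """Return the networks permitted by the named standard ACL."""
    networks = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[:2] != ["access-list", name]:
            continue
        if tok[2] != "standard" or tok[3] != "permit":
            continue
        if tok[4] == "host" and len(tok) == 6:
            # "host A.B.C.D" is a single address
            networks.append(ipaddress.ip_network(tok[5] + "/32"))
        elif len(tok) == 6:
            # "NETWORK MASK" form, e.g. 192.168.0.0 255.255.0.0
            networks.append(ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))
    return networks

def route_for(dest, networks):
    """'tunnel' if dest is in the split-tunnel list, else 'local'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in n for n in networks) else "local"

if __name__ == "__main__":
    nets = parse_standard_acl(ACL_TEXT, "vpn-access")
    for dest in ("192.168.10.5", "10.1.1.10", "10.1.1.11", "8.8.8.8"):
        print(f"{dest:15} -> {route_for(dest, nets)}")
```

Any internal range missing from the list is classified as `local`, which is a quick way to check a planned ACL against the addresses users actually need before deploying it.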

Ok. If I need the user to access specific devices on the network I would create the below.

group-policy xxx attributes

vpn-filter value blockaccess

access-list blockaccess permit x.x.x.x x.x.x.x

access-list blockaccess deny ip any any

I have a question: if you don't know the local IP address on the specified network for split tunnel, how do you configure it?

Yes, that concept will work.  And yes - you need to know the IP address of anything you want to allow or block.  It is not possible to configure something you do not know.