Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
555
Views
0
Helpful
5
Replies

SSL VPN Full and Split Tunnel Config Question

tkuzma1022
Level 1
Level 1

‎09-23-2008 05:28 AM - edited ‎02-21-2020 03:57 PM

I am Beta testing SSLVPN on an IOS router. The question I have is this:

Is it possiable to have slit and full tunnel configs. It seems that once you create your context and default profile that is all you have either split or full. The books say you can use Radius and assign different profiles but, I would like to give the users a choice (like in the VPN3000 .pcf) of either split or full depending on where they are working from.

Labels:
0 Helpful
5 Replies 5

andrew.prince
Level 10
Level 10

‎09-25-2008 04:14 AM

The below is an example using the ASA - but the principle remains the same:-

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080975e83.shtml

HTH>

0 Helpful

tkuzma1022
Level 1
Level 1
In response to andrew.prince

‎09-25-2008 07:13 AM

Thank-you for your reply. It seems that in the IOS you can have one Context and Profile assocateed to the IPaddree so, xx.xx.xx.1 is full tunnel and it appears that you have to have a second Context / Profile for a split tunnel.

It appears the better choice maybe the ASA for doing SSLVPN

0 Helpful

andrew.prince
Level 10
Level 10
In response to tkuzma1022

‎09-25-2008 08:39 AM

Yes - the ASA appears to be better suited to your requirements.

HTH>

0 Helpful

tkuzma1022
Level 1
Level 1
In response to andrew.prince

‎09-25-2008 11:10 AM

Sorry Andrew one more question about your SSLVPN on and ASA.

You have both full and split tunnels running on one interface?

0 Helpful

andrew.prince
Level 10
Level 10
In response to tkuzma1022

‎09-25-2008 11:16 AM

Yes you do - you just have different profiles/groups that have different capabilities.

On a test ASA SSL VPN - I have had:-

1) Clientless

2) Thin-client

3) Full Client

Option 3 with either full tunneling or Split tunneling.

HTH>

0 Helpful
Customers Also Viewed These Support Documents
Top