Solved: VPN issue internet access

mjames_wdd · ‎07-17-2012

I'm trying to get client-based VPN running for our network (using our ASA), and have run in to a snag. I was able to figure out most of the settings, and get the VPN itself set up in such a way as the user can connect. However, once connected, the user loses internet access. I've tried searching around, but haven't found anything directly on point. There were a few references to split-tunneling, but I'm not sure that's what I'm missing.

Anyone have any ideas based on my configuration?

Thanks - Matt

Javier Portuguez · ‎07-17-2012

Hi and thank you for posting

All you need to add is this:

group-policy RA_VPN_Policy attributes

split-tunnel-policy tunnelspecified

So your group-policy will look like:

group-policy RA_VPN_Policy attributes

split-tunnel-network-list value foo_int_network

split-tunnel-policy tunnelspecified

With those two commands you will instruct the client on which networks to access over the tunnel, the rest of the traffic will flow through the local network where client connects from.

Further information:

ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example

http://tools.cisco.com/squish/c1322

Let me know

* Please rate any post that you find helpful.

View solution in original post

Javier Portuguez · ‎07-17-2012

Hi and thank you for posting

All you need to add is this:

group-policy RA_VPN_Policy attributes

split-tunnel-policy tunnelspecified

So your group-policy will look like:

group-policy RA_VPN_Policy attributes

split-tunnel-network-list value foo_int_network

split-tunnel-policy tunnelspecified

With those two commands you will instruct the client on which networks to access over the tunnel, the rest of the traffic will flow through the local network where client connects from.

Further information:

ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example

http://tools.cisco.com/squish/c1322

Let me know

* Please rate any post that you find helpful.