Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
592
Views
0
Helpful
1
Replies

VPN split tunnel and access to local LAN

endpoint
Level 1
Level 1

‎08-01-2014 08:14 AM

Hello

i have requirement to provide the following:

secure access to corporate network (10.0.0.0)

access to local LAN (192.168.1.0)

access to Internet via local ISP (not thru tunnel).

 

 According to ASDM VPN wizard, i have three options when vpn:

1 – Tunnel network listed below - split tunnel meaning you define what subnet will be protected and tunneled thru VPN. So, if you define 10.0.0.0 to go thru vpn tunnel, Internet browsing only will go using your local ISP provider. You can ping your local default gateway but no access to local LAN.

2 – Tunnel all network - all traffic goes thru tunnel, including internet browsing. No access to local LAN

3 – Exclude network listed below – all traffic including internet browsing goes thru tunnel and local LAN access I allowed.

 

So far I was unable to have subnet 10.0.0.0 tunneled thru VPN and access to local LAN and access to local internet on the same VPN profile. I need to know if this is possible or not. So far I was unable to get it going. All other combinations are working as expected. 

 

Not sure if this combo is available. If someone shed some lights would be greatly appreciated. I dont need a working config, just trying to understand is it possible or not. 

thanks

 

 

 

 

Labels:
0 Helpful
1 Reply 1

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎08-02-2014 09:12 AM

Hi ,

Please try using "tunnel network listed below" options which should allow the users to access internal subnet ' through vpn tunnel , local subnet normally and internet as well.
Try the following group-policy:-

access-list sat-test standard permit 10.0.0.0 255.255.0.0

group-policy test attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value test

Regards,
Dinesh Moudgil
 

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents