| KB | 0000066 | |
| Dated | 09/11/09 | |
| Revision | 0.02 | |
Enable Split Tunnel for IPSEC / SSLVPN / WEBVPN Clients |
||
| Problem | ||
This is a simple job to do from the command line; however, the world is full of people who would rather spend an hour in the ASDM working out how to do it! What is split tunneling? It is the process of letting a remote VPN user browse the web etc. from their own location whilst connected to your VPN, in this case via SSLVPN / WebVPN or IPSEC. Only traffic for the networks you list is sent through the tunnel; everything else leaves via the client's local connection. |
||
| Solution | ||
1. Launch the ASDM > Configuration > Network (Client) Access > Group Policies > Select your policy. |
2. Edit > Select Advanced > Split Tunneling. |
3. Next to Policy > Untick "Inherit" > Change to "Tunnel Network List Below". |
4. Next to "Network List" remove the tick from Inherit > Click Manage. |
5. Add ACL. |
6. Call it something sensible like Split-Tunnel > OK. |
7. Then click Add ACE > Select Permit and enter the network BEHIND THE ASA. > OK. |
8. Should look a bit like this > OK. |
9. Make sure it's listed > OK > Apply. |
10. File > Save running configuration to flash. |
Do the same from Command Line

Note: Where 10.0.0.0/24 is behind the ASA and your policy is called SSL_VPN

access-list Split-Tunnel standard permit 10.0.0.0 255.255.255.0
|
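Added example, not part of the original article: a Python check that reads a saved ASA running-config and reports, for each group policy, the split-tunnel policy and the networks its list sends through the tunnel, so a list that is missing or wider than intended shows up. The `group-policy` and `split-tunnel-*` lines in the sample are assumed to be the CLI form of steps 3 to 9; the OLD_VPN policy and the Missing-ACL name are constructed.

```python
import ipaddress
import re

# Constructed sample config. SSL_VPN is the CLI form of steps 3-9 (assumed
# equivalent); OLD_VPN is a hypothetical policy whose ACL was never created.
SAMPLE_CONFIG = """\
access-list Split-Tunnel standard permit 10.0.0.0 255.255.255.0
group-policy SSL_VPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnel
group-policy OLD_VPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Missing-ACL
"""

def parse_standard_acls(config):
    """Map ACL name -> networks permitted by its 'standard permit' entries."""
    acls = {}
    for name, rest in re.findall(r"^access-list (\S+) standard permit (.+)$", config, re.M):
        target = rest.split()
        if target[0] in ("any", "any4"):
            cidr = "0.0.0.0/0"  # everything is tunnelled: no split at all
        elif target[0] == "host":
            cidr = target[1] + "/32"
        else:
            cidr = target[0] + "/" + target[1]  # network + dotted netmask
        acls.setdefault(name, []).append(ipaddress.ip_network(cidr, strict=False))
    return acls

def audit_split_tunnel(config):
    """Map policy -> (split-tunnel-policy, tunnelled networks or None if no such ACL)."""
    acls, policies, current = parse_standard_acls(config), {}, None
    for line in config.splitlines():
        m, words = re.match(r"group-policy (\S+) attributes", line), line.split()
        if m:
            current = m.group(1)
            policies[current] = ["inherit", None]  # nothing set yet: inherited
        elif not line.startswith(" "):
            current = None  # left the group-policy sub-mode
        elif current and words[:1] == ["split-tunnel-policy"]:
            policies[current][0] = words[1]
        elif current and words[:2] == ["split-tunnel-network-list", "value"]:
            policies[current][1] = words[2]
    return {name: (mode, acls.get(acl)) for name, (mode, acl) in policies.items()}

if __name__ == "__main__":
    for name, (mode, nets) in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(name, mode, nets if nets is not None else "network list not defined")
```

A result of `None` for a policy set to `tunnelspecified` means the named list does not exist in the config, and a `0.0.0.0/0` entry means the list tunnels everything.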



















