

  KB 0000066
  Dated 09/11/09
  Revision 0.02
   
Enable Split Tunnel for IPSEC / SSLVPN / WEBVPN Clients
 
Problem

This is a simple job to do from the command line; however, the world is full of people who would rather spend an hour in the ASDM working out how to do it!

What is split tunneling?

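This is the process of letting a remote VPN user browse the web, etc. from their own location whilst connected to your VPN, in this case via SSLVPN / WebVPN or IPSEC. Only traffic for the networks you list is sent through the tunnel; everything else leaves through the user's own Internet connection.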

Solution
1. Launch the ASDM > Configuration > Network (Client) Access > Group Policies > Select your policy.
2. Edit > Select Advanced > Split Tunneling.
3. Next to Policy > Untick "Inherit" > Change to "Tunnel Network List Below".
4. Next to "Network List" remove the tick from Inherit > Click Manage.
5. Add ACL.
6. Call it something sensible like Split-Tunnel > OK.
7. Then click Add ACE > Select Permit and enter the network BEHIND THE ASA. > OK.
8. Should look a bit like this > OK.
9. Make sure it's listed > OK > Apply.
10. File > Save running configuration to flash.

Do the same from Command Line

Note: Where 10.0.0.0/24 is behind the ASA and your policy is called SSL_VPN

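      configure terminal
      ! Standard ACL naming the network BEHIND the ASA that should be tunnelled
      access-list Split-Tunnel standard permit 10.0.0.0 255.255.255.0
      ! Attach the ACL to the group policy as its split-tunnel network list
      group-policy SSL_VPN attributes
        split-tunnel-policy tunnelspecified
        split-tunnel-network-list value Split-Tunnel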
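
To check the result, the following added example (not part of the original article) reads saved configuration text and reports any group policy whose split-tunnel setup is broken or too wide. The policies Contractors and Legacy and the ACL Too-Wide are constructed sample data, and only standard ACLs, as used above, are handled.

```python
import ipaddress
import re

# Constructed sample: the page's configuration plus two hypothetical broken policies.
SAMPLE_CONFIG = """\
access-list Split-Tunnel standard permit 10.0.0.0 255.255.255.0
access-list Too-Wide standard permit any
group-policy SSL_VPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnel
group-policy Contractors attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Too-Wide
group-policy Legacy attributes
 split-tunnel-policy tunnelspecified
"""

def parse_standard_acls(config):
    """Map each standard ACL name to the list of networks it permits."""
    acls = {}
    for m in re.finditer(r"^\s*access-list (\S+) standard permit (.+)$", config, re.M):
        target = m.group(2).split()
        if target[0] == "any":
            cidr = "0.0.0.0/0"
        elif target[0] == "host":
            cidr = target[1] + "/32"
        else:
            cidr = f"{target[0]}/{target[1]}"  # network followed by dotted netmask
        acls.setdefault(m.group(1), []).append(ipaddress.ip_network(cidr, strict=False))
    return acls

def audit_split_tunnel(config):
    """Return {group-policy name: [findings]}; an empty list means no finding."""
    acls, policies, current = parse_standard_acls(config), {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["group-policy"] and words[-1:] == ["attributes"]:
            current = policies.setdefault(words[1], {})
        elif current is not None and words[:1] == ["split-tunnel-policy"]:
            current["mode"] = words[1]
        elif current is not None and words[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = words[2]
    report = {}
    for name, p in policies.items():
        nets = acls.get(p.get("acl"), [])
        # A /0 entry sends everything down the tunnel, so nothing is actually split.
        report[name] = [f"{p['acl']} permits any" for n in nets if n.prefixlen == 0]
        if p.get("mode") == "tunnelspecified" and not nets:
            report[name].append("tunnelspecified without a usable network list")
    return report
```

Calling `audit_split_tunnel()` on the text of your own saved configuration returns an empty list for every policy that is set up as described above.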

 
