Examples of Split Tunneling
Companion Video
I've created the following video to show you how to configure a split tunnel on a Cisco ASA security appliance.
Start by creating a standard access control list that permits the internal network:
access-list Split_Tunnel_List standard permit 192.168.101.0 255.255.255.0
Next, enter attributes configuration mode for the desired VPN group policy (in this example, the group-policy name is Account Reps NA):
group-policy "GroupPolicy_Account Reps NA" attributes
Now, specify the split tunnel mode. You can choose from the following three options:
- excludespecified (exclude only networks specified by split-tunnel-network-list)
- tunnelall (tunnel everything)
- tunnelspecified (tunnel only networks specified by split-tunnel-network-list)
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_List
Watch the video for a complete demonstration of each of the commands.
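To check what a split tunnel policy does before deploying it, the following added example (not from the original post or from Cisco) parses the commands above and reports whether a destination is sent through the VPN tunnel or leaves the client directly, bypassing the ASA. The function names, the sample destinations and the tunnelall fallback for a policy with no mode set are assumptions made for this sketch.

```python
import ipaddress
import shlex

# Constructed sample: the walkthrough's commands joined into one config.
SAMPLE_CONFIG = """
access-list Split_Tunnel_List standard permit 192.168.101.0 255.255.255.0
group-policy "GroupPolicy_Account Reps NA" attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
"""

def parse_config(text):
    """Return (acls, policies) from ASA-style configuration text."""
    acls, policies, current = {}, {}, None
    for line in text.splitlines():
        try:
            tok = shlex.split(line)   # keeps a quoted group-policy name whole
        except ValueError:            # e.g. an apostrophe in a remark line
            tok = line.split()
        if len(tok) == 6 and tok[0] == "access-list" and tok[2:4] == ["standard", "permit"]:
            if tok[4] != "host":      # "<network> <mask>" entries only in this sketch
                net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
                acls.setdefault(tok[1], []).append(net)
        elif len(tok) == 3 and tok[0] == "group-policy" and tok[2] == "attributes":
            # Assumption: a policy that sets no mode behaves as tunnelall.
            current = policies.setdefault(tok[1], {"mode": "tunnelall", "acl": None})
        elif current and len(tok) == 2 and tok[0] == "split-tunnel-policy":
            current["mode"] = tok[1]
        elif current and len(tok) == 3 and tok[:2] == ["split-tunnel-network-list", "value"]:
            current["acl"] = tok[2]
    return acls, policies

def route_for(config_text, policy_name, dest):
    """Return 'tunnel' or 'direct' for dest under the named group policy."""
    acls, policies = parse_config(config_text)
    policy = policies[policy_name]
    addr = ipaddress.ip_address(dest)
    listed = any(addr in net for net in acls.get(policy["acl"], []))
    if policy["mode"] == "tunnelall":
        return "tunnel"
    if policy["mode"] == "tunnelspecified":
        return "tunnel" if listed else "direct"
    if policy["mode"] == "excludespecified":
        return "direct" if listed else "tunnel"
    raise ValueError(f"unknown split-tunnel-policy: {policy['mode']}")

if __name__ == "__main__":
    for dest in ("192.168.101.25", "203.0.113.10"):   # constructed destinations
        print(dest, route_for(SAMPLE_CONFIG, "GroupPolicy_Account Reps NA", dest))
```

Any destination reported as direct is traffic the ASA never sees, so it is worth running the same check against every network that is expected to be inspected or logged centrally.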
For More Cisco ASA Configuration Information
Pick up a copy of my configuration guide The Accidental Administrator: Cisco ASA Security Appliance, available through Amazon and other resellers.
Please Leave a Comment
If you find this tutorial helpful or if you notice something that needs to be corrected, please leave a comment.
5 comments:
What should I do if I wanted the 'withOUT' setup?
Very nice. Thanks.
Nancy, you're welcome. I'm glad it was helpful.
very nice..thank you..
Can you please explain:
ciscoasa(config)#access-list Local_LAN_Access remark Client Local LAN Access
ciscoasa(config)#access-list Local_LAN_Access standard permit host 0.0.0.0
#split-tunnel-policy excludespecified
#split-tunnel-network-list value Local_LAN_Access
I have a query regarding the default route and all traffic. As of now, when I configured this, all my traffic is going through the remote firewall only. How can I exclude a particular network?
Thank you, Don, for the concise, clear demonstration and explanation. Thank you.