Split Tunneling with Cisco ASA 5505

Choose Configuration > Remote Access VPN > Network (Client) Access > SSL VPN Connection Profiles. Under Access Interfaces, check the Allow Access and Enable DTLS check boxes for the outside interface. Also check the "Enable Cisco AnyConnect VPN Client or legacy SSL VPN Client access on the interface selected in the table below" check box in order to enable SSL VPN on the outside interface.

Choose Configuration > Remote Access VPN > Network (Client) Access > Advanced > SSL VPN > Client Settings > Add in order to add the Cisco AnyConnect VPN client image from the flash memory of the ASA.

anyconnect-win-3.1.14018-k9.pkg

Click OK.

Choose Configuration > Remote Access VPN > Network (Client) Access > Group Policies in order to create an internal group policy named clientgroup. Under the General tab, select the SSL VPN Client check box in order to enable WebVPN as the tunneling protocol.

In the Advanced > Split Tunneling tab, uncheck the Inherit check box for Split Tunnel Policy and choose Tunnel Network List Below from the drop-down list.

Uncheck the Inherit check box for Split Tunnel Network List and then click Manage in order to launch the ACL Manager.

Within the ACL Manager, choose Add > Add ACL… in order to create a new access list.

Provide a name for the ACL and click OK.

Once the ACL name is created, choose Add > Add ACE in order to add an Access Control Entry (ACE).

Define the ACE that corresponds to the LAN behind the ASA. In this case, the network is 10.77.241.128/26. Select Permit as the Action.

Click OK in order to exit the ACL Manager.

Make sure that the ACL you just created is selected for the split-tunnel Network List. Click OK in order to return to the Group Policy configuration.

On the main page, click Apply and then Send (if required) in order to send the commands to the ASA.
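The following is an added example, not part of the original page: a Python check that audits the CLI these ASDM steps produce and confirms that the clientgroup policy tunnels only the LAN behind the ASA. The sample configuration is constructed, the ACL name SPLIT_ACL is a placeholder (the page does not name the ACL), the function names are hypothetical, and a standard ACL is assumed.

```python
import ipaddress
import re

# Constructed sample of the CLI that the ASDM steps above would send to the ASA.
# SPLIT_ACL is a placeholder name; the page does not say what the ACL is called.
SAMPLE_CONFIG = """\
access-list SPLIT_ACL standard permit 10.77.241.128 255.255.255.192
group-policy clientgroup internal
group-policy clientgroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
"""

def parse_standard_acls(config):
    """Map ACL name -> list of networks permitted by its standard ACEs."""
    acls = {}
    for name, target in re.findall(r"^access-list (\S+) standard permit (.+)$", config, re.M):
        parts = target.split()
        if parts[0] in ("any", "any4"):
            net = ipaddress.ip_network("0.0.0.0/0")
        elif parts[0] == "host":
            net = ipaddress.ip_network(parts[1] + "/32")
        else:  # "<network> <dotted netmask>"
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        acls.setdefault(name, []).append(net)
    return acls

def audit_split_tunnel(config, policy, allowed):
    """Return findings for one group policy; an empty list means it is as expected."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    block = re.search(rf"^group-policy {re.escape(policy)} attributes\n((?: .*\n?)*)",
                      config, re.M)
    if not block:
        return [f"group-policy {policy} has no attributes block"]
    body = block.group(1)
    findings = []
    if not re.search(r"^ split-tunnel-policy tunnelspecified\s*$", body, re.M):
        findings.append("split-tunnel-policy is not tunnelspecified")
    ref = re.search(r"^ split-tunnel-network-list value (\S+)", body, re.M)
    if not ref:
        return findings + ["no split-tunnel-network-list configured"]
    nets = parse_standard_acls(config).get(ref.group(1))
    if not nets:
        return findings + [f"ACL {ref.group(1)} is missing or has no permit entries"]
    for net in nets:
        if not any(net.subnet_of(a) for a in allowed_nets):
            findings.append(f"ACL permits {net}, outside the expected LAN")
    return findings
```

Calling `audit_split_tunnel(config_text, "clientgroup", ["10.77.241.128/26"])` on a saved running configuration returns an empty list when the split-tunnel list covers only that LAN.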

About the author: admin