Split Tunneling for VPN Clients on Cisco ASA

In a basic VPN Client to ASA scenario, all traffic from the VPN Client is encrypted and sent to the ASA no matter what its destination is. Depending on your configuration and the number of users supported, such a setup can become bandwidth intensive. Split tunneling can alleviate this problem, since it allows users to send only the traffic destined for the corporate network across the tunnel. All other traffic, such as instant messaging, email, or casual browsing, is sent out to the Internet via the local LAN of the VPN Client.

Configure the ASA 8.x with Adaptive Security Device Manager (ASDM) 6.x:

To allow split tunneling for the users in the group, follow these steps to configure your tunnel group:

  1. Choose Configuration > Remote Access VPN > Network (Client) Access > Group Policies, and choose the Group Policy in which you want to enable local LAN access. Then click Edit.
  2. Click Split Tunneling.
  3. Uncheck the Inherit box for Split Tunnel Policy, and choose Tunnel Network List Below.
  4. Uncheck the Inherit box for Split Tunnel Network List, and then click Manage in order to launch the ACL Manager.
  5. Within the ACL Manager, choose Add > Add ACL… in order to create a new access list.
  6. Provide a name for the ACL, and click OK.
  7. Once the ACL is created, choose Add > Add ACE… in order to add an Access Control Entry (ACE).
  8. Define the ACE that corresponds to the LAN behind the ASA. In this case, the network is 192.168.10.0/24.
    • Click the Permit radio button.
    • Choose the network address with mask 192.168.10.0/24.
    • (Optional) Provide a description.
    • Click OK.
  9. Click OK in order to exit the ACL Manager.
  10. Be sure that the ACL you just created is selected for Split Tunnel Network List.
  11. Click OK in order to return to the Group Policy configuration.
  12. Click Apply and then Send (if required) in order to send the commands to the ASA.

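The commands ASDM sends for the steps above, embedded as sample input to a small review check that confirms the group policy really is set to tunnel only the listed networks. This is example code written for this page, not Cisco's; the group-policy name RA_VPN_GP and the ACL name Split_Tunnel_List are assumed, and 192.168.10.0/24 is the network from the steps.

```python
import ipaddress

# Constructed sample: the CLI equivalent of the ASDM steps. The group-policy
# and ACL names are hypothetical; 192.168.10.0/24 is the page's own network.
SAMPLE_CONFIG = """\
access-list Split_Tunnel_List standard permit 192.168.10.0 255.255.255.0
group-policy RA_VPN_GP internal
group-policy RA_VPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
"""


def _ace_target(words):
    """Turn the address part of a standard ACE into a CIDR string."""
    if words == ["any"]:
        return "0.0.0.0/0"
    if words[0] == "host":
        return f"{words[1]}/32"
    return str(ipaddress.ip_network(f"{words[0]}/{words[1]}", strict=False))


def parse_split_tunnel(config, group_policy):
    """Return the split-tunnel policy and the referenced ACL's entries."""
    policy, acl_name, in_block = None, None, False
    for line in config.splitlines():
        if line.startswith("group-policy "):
            in_block = line == f"group-policy {group_policy} attributes"
        elif in_block and line.startswith(" split-tunnel-policy "):
            policy = line.split()[1]
        elif in_block and line.startswith(" split-tunnel-network-list value "):
            acl_name = line.split()[2]
    entries = []
    for line in config.splitlines():
        w = line.split()
        if len(w) >= 5 and w[:3] == ["access-list", acl_name, "standard"]:
            entries.append((w[3], _ace_target(w[4:])))
    return {"policy": policy, "acl": acl_name, "entries": entries}


def check_split_tunnel(result):
    """Findings a reviewer would raise before pushing the group policy."""
    findings = []
    if result["policy"] != "tunnelspecified":
        findings.append(f"policy is {result['policy']}, not tunnelspecified")
    if not result["entries"]:
        findings.append(f"ACL {result['acl']} is missing or has no entries")
    for action, net in result["entries"]:
        if action == "permit" and net == "0.0.0.0/0":
            findings.append("permit any tunnels all traffic; split tunnel is moot")
    return findings
```

Run `check_split_tunnel(parse_split_tunnel(SAMPLE_CONFIG, "RA_VPN_GP"))` against a `show running-config` excerpt; an empty list means the policy matches what the steps intend.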
About CCIETalk

An Experienced Unified Communications Engineer Specializing in Cisco, Riverbed, VMware and Relevant Technologies. CCIE Voice, CCNA, CCDA, CCNP, CCDP, CCIP, RCSA.
