Because your videos are superb, I bought the book to add to my library, thanks for making life a little bit easier.
@soundtraining9 years ago
sajid1975 I'm delighted to know that you like the videos. Thanks for buying my book.
@knaseer1234 years ago
Good Videos with great explanation.... Thanks Don R. Crawley
@doncrawley4 years ago
You're welcome. I'm glad you like them. Thanks for your comment.
@Brian-nz6ns4 years ago
@8:23 I'm confused by your use of ACLs in place of what would normally be Object Groups. Why is a network list an ACL rule instead of a network object group?
@qh258 years ago
Excellent video. The example you showed is great in getting internet access, but what if you want internet to be tunneled also? Meaning, once connected to the VPN and I'm accessing the internet, I would like to use the IP of the ASA outside IP. Help please.... I've used the same-security permit intra-interface... did not work.
@Brian-nz6ns4 years ago
You're using the term "split tunnel" but what part of the network are you splitting? The subnet that goes through the VPN tunnel or the subnet you DON'T want to go through the VPN tunnel?
@Marclombeya10 years ago
I am using a site-to-site connection between site A and site B through the internet. Each of my two sites has an ASA 5520. As the site-to-site VPN is established, users of site B can access the site A LAN, but they can't access the internet. What can I do to allow them to access the internet?
@AndyConnock9 years ago
Hi, so I have split tunneling enabled on my ASA to allow remote devices to see local network resources, but they are unable to see other networks connected via site-to-site VPN. While physically on the network, we can access these site-to-site networks, but when VPN'd in, no luck. Looking at your video, I'm comfortable saying split tunneling is set up properly, but something else is blocking the VPN client at home from seeing those other networks. Any ideas?
@kool13115 years ago
If a user tries to connect to an inside host with a domain name instead of a private IP address, how does the VPN client resolve the domain name to a private IP address?
@johnstem55385 years ago
Hi Dan, what happens if you uncheck Inherit for Policy and choose Tunnel Network List Below, then you check Inherit for the Network List? I have that set up on my firewall and it inherits an ACL which is in the Network List if you uncheck Inherit and click Manage to select it. Why does it select that ACL if Inherit is checked? I can see it in the AnyConnect client where it shows the secured routes, and I have internet connection, so split tunneling is working. I am really not following this, the internet connection should not be working. Thx
@estebannancolagos591811 years ago
If the remote user uses the split tunnel and goes to the internet, with what IP does it do so? With an IP from the ASA or from the home ISP?
@soundtraining11 years ago
Great question. When using a split tunnel, the remote user's IP address on the Internet will be assigned by the remote ISP. The VPN client will get its IP address across the tunnel from the ASA.
@robemd200210 years ago
Hi, can you post a video on hairpinning (IPsec site-to-site and VPN client)? Thanks.
@jeffwiley70658 years ago
I've done this setup but it won't let me RDP into other servers on the inside network.
@Netguru7869 years ago
Hi, I have set up a site-to-site VPN tunnel using my ASA5512. The tunnel is up, but the pings from my laptop, which triggers the traffic to the remote site, time out. How do I enable the ICMP rule to allow the traffic from the internal host laptop to the remote-side PC?
@soundtraining9 years ago
+Samih Khan It's probably because the ASA, in its default configuration, doesn't permit ICMP. I just published a blog post showing how to allow ICMP packets. Here's the link to the post: blog.soundtraining.net/2016/02/allowing-ping-through-asa.html. I hope it's helpful.
@AlessandroSpiandore11 years ago
Very good. Solved my problem.
@kef140810 years ago
I've done this but can't ping the inside network, but an inside computer can ping a VPN client :( Any help?
@kef140810 years ago
Hi Don, Maybe this helps when we do a packet trace with icmp from outside 2 inside this is the drop reason

Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xcc157d20, priority=69, domain=ipsec-tunnel-flow, deny=false
        hits=2, user_data=0x874fc, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=10.2.5.1, mask=255.255.255.255, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
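
An added example, not part of the comment above and not a Cisco tool: a small Python parser that splits packet-tracer text output into phases and reports which phase dropped the packet, for triaging a trace like the one posted above. The function names are hypothetical; in the sample, Phase 8 and the Result block are abridged from the comment, and Phase 1 is constructed.

```python
import re

# Phase 8 and the Result block are abridged from the comment above;
# Phase 1 is a constructed sample so the parser also sees an ALLOW phase.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW

Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xcc157d20, priority=69, domain=ipsec-tunnel-flow, deny=false
        src ip/id=10.2.5.1, mask=255.255.255.255, port=0, tag=0

Result:
input-interface: outside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Return (phases, summary) parsed from packet-tracer text output."""
    phases, summary = [], {}
    for block in re.split(r"\n\s*\n", text.strip()):  # blank line = block boundary
        fields = {}
        for line in block.splitlines():
            # Only unindented "Key: value" lines; indented rule detail is skipped.
            m = re.match(r"([A-Za-z][\w -]*?):\s*(.*)$", line)
            if m:
                fields.setdefault(m.group(1), m.group(2).strip())
        if "Phase" in fields:
            phases.append(fields)
        elif "Action" in fields:  # the final Result block carries Action/Drop-reason
            summary = fields
    return phases, summary

def first_drop(text):
    """Return the phase that dropped the packet and the reported reason, or None."""
    phases, summary = parse_packet_tracer(text)
    hit = next((p for p in phases if p.get("Result") == "DROP"), None)
    return hit and {"phase": int(hit["Phase"]), "type": hit["Type"],
                    "subtype": hit["Subtype"], "reason": summary.get("Drop-reason", "")}
```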