From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Thu Oct 18 2007 - 18:55:11 ART
Thanks Jason.
This looks like a variation of split-tunnelling methods for local LAN.
Since I am already doing "split-tunnel-policy tunnelspecified" I cannot
combine both of them. But apparently I don't have to.
It turned out that "Local LAN access - disabled" going from ASA doesn't
actually enforce disabling. I could access my local LAN when running SSL
VPN client (svc). (I remember seeing a real enforcement of disabling
local LAN on VPN 3000 box when being that client with disabled local LAN
access). That is why the question came up.
So problem is solved by finding out that it never existed. :-)
Sorry for the mess.
A.
Jason Guy (jguy) wrote:
> Oh, geez.. I never touched the ASA. The IOS SSLVPN and the ASA do not
> share the same exact set of options from what I remember. The option
> would still be related to split tunneling.
>
> Here is a link that shows how to do it. It is not as straightforward
> as the IOS SSLVPN, but it is possible. :)
>
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml
>
> Cheers,
> Jason
>
> -----Original Message-----
> From: Alexei Monastyrnyi [mailto:alexeim@orcsoftware.com]
> Sent: Monday, October 15, 2007 4:06 AM
> To: Jason Guy (jguy)
> Cc: ccielab@groupstudy.com
> Subject: Re: enabling Local LAN access for SSL VPN (SVC) clients / ASA
> 7.2.3
>
> Thanks mate.
>
> This is for IOS SSL client, can't find the same for ASA...
>
> asa(config-group-webvpn)# svc ?
>
> config-group-webvpn mode commands/options:
>   compression     Configure SVC compression
>   dpd-interval    Configure the SVC DPD interval
>   enable          Enable SVC
>   keep-installer  Configure the SVC install enabler
>   keepalive       Configure the SVC keepalive
>   none            Disable SVC
>   rekey           Configure the SVC rekey
>   required        Enable and require SVC
>
> A.
>
> on 10/12/2007 8:13 PM Jason Guy (jguy) wrote:
>
>> Alexei,
>>
>> Try using this command under the policy group definition:
>>
>> svc split exclude local-lans
>>
>> It will allow for the split tunneling to keep the route for the client's
>> local LAN installed. At least, that is what I remember it being used
>> for, it has been a while. :)
>>
>> Jason
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Alexei Monastyrnyi
>> Sent: Friday, October 12, 2007 10:11 AM
>> To: ccielab@groupstudy.com
>> Subject: enabling Local LAN access for SSL VPN (SVC) clients / ASA 7.2.3
>>
>> Folks,
>> I am just wondering if it is possible at all to enable it?
>>
>> In usual VPN client you just enable it on client side...
>>
>> Couldn't find anything about that in group policy.
>>
>> Shedding some light would be highly appreciated.
>>
>> A.
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:16 ART