Local Lan Access and VPN3k/ASA

Hi guys,

I think it is not possible on Cisco ASA and VPN3K but I wanted to confirm.

This feature I am asking for works fine on Juniper SSLVPN gateways.

The scenario is users are VPN'ing to VPN3K with split tunnel ENABLED. From the gateway, ranges 10.0.0.0/8 and 192.168.0.0/16 are pushed as split tunnel routes. Now the issue is they cannot access their home network resources like printers, laptops, microwaves, washing machines ;-) whatever once they are VPN'ed in. In VPN3K, there is no way to push Local LAN access in split tunnel mode and it is only possible with full tunnels. I think there are three solutions to this problem:

1. Enable full tunnel (Not possible for me)

2. Ask users to use an illegal range like 192.0.2.0/24 for their home networks.

3. Advertise more specific 10/8 and 192.168/16 from the gateway. It definitely increases config/ops/management overhead as I need to add new 10/8 networks as they come online inside the enterprise.

Please let me know if you have any better solution in mind.

thanks,
Zeus
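
Option 3 above, sketched as an added example that is not part of the original post: build the split-tunnel list from the enterprise subnets actually in use, summarise it, and check which home LANs would still collide. Only 10.0.0.0/8 and 192.168.0.0/16 come from the post; the enterprise subnets, the home LANs and the function names are constructed for illustration.

```python
import ipaddress

# The two broad split-tunnel routes described in the post.
BROAD_ROUTES = ["10.0.0.0/8", "192.168.0.0/16"]

# Constructed sample data (assumption): subnets really used inside the enterprise.
ENTERPRISE_SUBNETS = [
    "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16",
    "10.20.4.0/24", "10.20.5.0/24", "192.168.200.0/24",
]

# Constructed sample data (assumption): home LANs reported by remote users.
HOME_LANS = ["192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/24", "10.2.7.0/24"]


def split_tunnel_list(subnets):
    """Summarise the in-use subnets into the fewest prefixes to push."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def conflicts(home_lans, routes):
    """Map each home LAN to the pushed routes that overlap it."""
    route_nets = [ipaddress.ip_network(r) for r in routes]
    result = {}
    for lan in home_lans:
        lan_net = ipaddress.ip_network(lan)
        hits = [str(r) for r in route_nets if lan_net.overlaps(r)]
        if hits:
            result[lan] = hits
    return result


if __name__ == "__main__":
    specific = split_tunnel_list(ENTERPRISE_SUBNETS)
    print("routes to push:", specific)
    print("conflicts with broad routes:   ", conflicts(HOME_LANS, BROAD_ROUTES))
    print("conflicts with specific routes:", conflicts(HOME_LANS, specific))
```

Rerunning the summarisation whenever a new subnet comes online is the management overhead the post mentions; the conflict check shows which users would still need to renumber their home network.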
