Local Lan Access and VPN3k/ASA

Hi guys,

I think it is not possible on Cisco ASA and VPN3K but I wanted to confirm.

This feature I am asking for works fine on Juniper SSLVPN gateways.

The scenario is users are VPN'ing to VPN3K with split tunnel ENABLED. From the gateway, ranges and as pushed as Split tunnel routes. Now the issue is they cannot access their home network resources like printers, laptops, microwaves, washing machines ;-) whatever once they are VPN'ed in. In VPN3K, there is no way to push Local Lan access in split tunnel mode and it is only possible with full tunnels. I think there are three solutions to this problem:

1. Enable full tunnel (Not possible for me)

2. Ask users to use illegal range like for their home networks.

3. Advertise more specific 10/8 and 192.168/16 from the gateway. it definitely increases config/ops/management overhead as I need to add new 10/8 networks as they come online inside enterprise.


Please let me know if you have any better solution in mind.



Sign In or Register to comment.