It seems we need the vpn-filter defined. We have split-tunneling but we dont have the vpn-filter. I will update this topic after the tests we will be performing today.
Regards, Antonio Soares, CCIE #18473 (R&S/SP) <mailto:[email protected]> [email protected] <http://www.ccie18473.net> http://www.ccie18473.net From: Piotr Matusiak [mailto:[email protected]] Sent: sexta-feira, 23 de Setembro de 2011 16:47 To: Antonio Soares Cc: CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] SSL VPN and RRI Does you customer use Split Tunneling 'include' or 'exclude' policy? Are there ST routes in Route Detail Tab of AC Statistics window? Finally, can you paste sanitized config? Regards, Piotr 2011/9/23 Antonio Soares <[email protected]> Hello Piotr, Yes, basically it doesnt work as expected. The end user adds static routes (Windows route add) and is able to access these networks. The ASA version is a little old (8.2.1), do you think this could be a bug ? Thanks. Regards, Antonio Soares, CCIE #18473 (R&S/SP) <mailto:[email protected]> [email protected] http://www.ccie18473.net From: Piotr Matusiak [mailto:[email protected]] Sent: sexta-feira, 23 de Setembro de 2011 15:38 To: Antonio Soares Cc: CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] SSL VPN and RRI Hi Antonio, It seems like Split tunneling does not work. Am I understand it correctly? Regards, Piotr 2011/9/23 Antonio Soares <[email protected]> Hello group, Need help on this one. A customer has SSL VPN configured with RRI. Customer is saying that it works fine but if the end user add statically more routes to the client machine, the client machine has access to the additional routes. This should not be happening. The ASA is running 8.2.1. Thanks. Regards, Antonio Soares, CCIE #18473 (R&S/SP) [email protected] http://www.ccie18473.net _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
