Cisco ASA Series Cli Configuration Manual page 1786

Software version 9.0 for the services module

Chapter 1: Configuring Easy VPN Services on the ASA 5505 (Cisco ASA Series CLI Configuration Guide, page 1-8)

hostname(config)# no vpnclient trustpoint
hostname(config)#

Configuring Split Tunneling
Split tunneling lets a remote-access IPsec client conditionally direct packets over an IPsec tunnel in
encrypted form or to a network interface in clear text form.
The Easy VPN server pushes the split tunneling attributes from the group policy to the Easy VPN Client
for use only in the work zone. See Configuring Split-Tunneling Attributes for Group Policies, page 1-54,
to configure split tunneling on the Cisco ASA 5505.
Enter the following command in global configuration mode to enable the automatic initiation of IPsec
tunnels when NEM and split tunneling are configured:
[no] vpnclient nem-st-autoconnect
no removes the command from the running configuration.
For example:
hostname(config)# vpnclient nem-st-autoconnect
hostname(config)#

Configuring Device Pass-Through
Devices such as Cisco IP phones, wireless access points, and printers are incapable of performing
authentication. Enter the following command in global configuration mode to exempt such devices from
authentication, thereby providing network access to them, if individual user authentication is enabled:
[no] vpnclient mac-exempt mac_addr_1 mac_mask_1 [mac_addr_2 mac_mask_2...mac_addr_n mac_mask_n]
no removes the command from the running configuration.
mac_addr is the MAC address, in dotted hexadecimal notation, of the device to bypass individual
user authentication.
mac_mask is the network mask for the corresponding MAC address. A MAC mask of ffff.ff00.0000
matches all devices made by the same manufacturer. A MAC mask of ffff.ffff.ffff matches a single
device.
Note: The mac-exempt list cannot exceed 15.
Only the first six characters of the specific MAC address are required if you use the MAC mask
ffff.ff00.0000 to specify all devices by the same manufacturer. For example, Cisco IP phones have the
Manufacturer ID 00036b, so the following command exempts any Cisco IP phone, including Cisco IP
phones you might add in the future:
hostname(config)# vpnclient mac-exempt 0003.6b00.0000 ffff.ff00.0000
hostname(config)#
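
The mask matching described for vpnclient mac-exempt, as an added Python example that is not part of the Cisco guide: it parses the command from a saved configuration, reports how many MAC addresses each entry exempts from individual user authentication, and checks the list length. It assumes the mask is applied as a bitwise AND and that the limit of 15 counts address/mask pairs; the sample configuration is constructed.

```python
import re

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
vpnclient nem-st-autoconnect
vpnclient mac-exempt 0003.6b00.0000 ffff.ff00.0000 0011.2233.4455 ffff.ffff.ffff
"""

DOTTED = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)

def to_int(dotted):
    """Convert dotted hexadecimal (e.g. 0003.6b00.0000) to a 48-bit integer."""
    if not DOTTED.match(dotted):
        raise ValueError(f"not dotted hexadecimal: {dotted!r}")
    return int(dotted.replace(".", ""), 16)

def parse_mac_exempt(config):
    """Return [(addr, mask), ...] from every 'vpnclient mac-exempt' line."""
    pairs = []
    for line in config.splitlines():
        words = line.split()
        if words[:2] != ["vpnclient", "mac-exempt"]:
            continue
        args = words[2:]
        if not args or len(args) % 2:
            raise ValueError(f"address without mask in: {line!r}")
        pairs += [(to_int(a), to_int(m)) for a, m in zip(args[::2], args[1::2])]
    return pairs

def is_exempt(mac, pairs):
    """True if mac equals an entry on the bits selected by that entry's mask
    (assumption: the mask is applied as a bitwise AND)."""
    value = to_int(mac)
    return any(value & mask == addr & mask for addr, mask in pairs)

def audit(config, limit=15):
    """Report a list longer than the documented limit and any entry that
    covers more than one address (assumption: the limit counts pairs)."""
    pairs = parse_mac_exempt(config)
    findings = []
    if len(pairs) > limit:
        findings.append(f"{len(pairs)} entries exceed the limit of {limit}")
    for addr, mask in pairs:
        covered = 2 ** bin(~mask & 0xFFFFFFFFFFFF).count("1")
        if covered > 1:
            findings.append(f"{addr:012x}/{mask:012x} exempts {covered} addresses")
    return findings
```

Run audit() over the exported configuration and is_exempt() against a device inventory to see which hosts reach the network without individual user authentication.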
