ASA(config-group-webvpn)# split-tunnel-network-list value splitVPN

Change it to:

ASA(config-group-webvpn)# split-tunnel-network-list value rbt_splitTunnelAcl

So have you tried the above config and it doesn’t work?

Harris

============================================
Identity Nat
============================================
object network INSIDE_HOSTS1
subnet 172.18.0.0 255.255.0.0
!
object network RAVPN_HOSTS1
subnet 172.16.170.0 255.255.255.0
!
nat (inside,Sahara-internet) source static INSIDE_HOSTS1 INSIDE_HOSTS1 destination static RAVPN_HOSTS1 RAVPN_HOSTS1

===============================================
Define your Split Tunnel ACL
===============================================
ASA(config)# access-list rbt_splitTunnelAcl standard permit 172.16.0.0 255.255.0.0
ASA(config)# access-list rbt_splitTunnelAcl standard permit 172.18.0.0 255.255.0.0

=======================================
Define the Group Policy for the WebVPN
=======================================
ASA(config)# group-policy NPC_SSLVPN internal
ASA(config)# group-policy NPC_SSLVPN attributes
ASA(config-group-policy)# vpn-tunnel-protocol svc webvpn
ASA(config-group-policy)# webvpn
ASA(config-group-webvpn)# split-tunnel-policy tunnelspecified
ASA(config-group-webvpn)# split-tunnel-network-list value splitVPN
ASA(config-group-webvpn)# split-dns value *****************
ASA(config-group-webvpn)# dns-server value ************

============================
Define a DHCP pool for the clients to use
============================
ASA(config)#ip local pool NPCPOOL 172.16.170.51-172.16.170.200 mask 255.255.255.0

============================
Define a local user to use for the VPN
============================
ASA(config)# username password privilege 15
ASA(config)# username attributes
ASA(config-username)# vpn-group-policy NPC_SSLVPN

=============================================
Enable WebVPN
=============================================

ASA(config)# webvpn
ASA(config-webvpn)#enable Sahara-internet
ASA(config-webvpn)# anyconnect image disk0:/anyconnect-macosx-i386-2.5.2019-k9.pkg 1
ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-2.5.2019-k9.pkg 2
ASA(config-webvpn)# anyconnect enable

=============================================
Define the tunnel group
=============================================
ASA(config)# Tunnel-group TG_SSLVPN type remote-access
ASA(config)# Tunnel-group TG_SSLVPN general-attributes
ASA(config-tunnel-general)# default-group-policy NPC_SSLVPN
ASA(config-tunnel-general)# address-pool NPCPOOL

===============================
Link the tunnel group to WebVPN
===============================
ASA(config)# webvpn
ASA(config-webvpn)# tunnel-group-list enable
ASA(config-webvpn)# exit
ASA(config)# tunnel-group TG_SSLVPN webvpn-attributes
ASA(config-tunnel-webvpn)# group-alias AnyConnect enable

====================
saving the config
====================
ASA(config)# write

Open the “Cisco Anyconnect VPN Client” software (it must be installed on your PC after connecting for the first time on the ASA) and click on “Preferences” button (it is next to “Connect to: IP address”). Then click on “Enable Local LAN Access“.

Followed the guide above and the tunnel works almost perfect!

Only problem is that i can’t reach the internal network. Can’t ping, RDP, telnet or open in explorer.

I’m using the exact IP adresses as mentioned in the guide.

I have my SSL-VPN (SONICWALL) box behind Cisco ASA box, I have done the Static for the SSL BOX Im able to ping the box from internet, but not able to login to the ssl vpn webpage. Previously SSL box was working with the static public ip.

Any suggestions would be great

Anyconnect VPN worked perfect by using your configuration.
ASA 5510 came with only 2 connections so I ordered Anyconnect Essentials license.
After I install the license, Anyconnect VPN is saying could not connect to server.
I cannot open the https://my IP page either.

Any advice?

normally static should take the precedence over dynamic which did not happened.

Any comments would be great

I got the ip address from the VPNpool, I’ve tested it by trying to ping the local machines. I’ve turned off the firewall on the PC in the internal network just to make sure but it cannot be accessed.

Also I cannot browse the internet while I’m just connectted to Anyconnect. I can only browse the internet when I set the splittunnel. But if I do all the traffic seems to go out through the local gateway and never goes through the VPN tunnel.

OK, first check that you have received IP address. Run ipconfig /all on your machine to see which IP you have been assigned. When you say you can’t access internal network, how do you test this? Try to open an RDP connection to an internal windows box because ping might be denied by local windows firewall. Also, remove the “no-proxy-arp” from the end of nat command.