smunro622
Premium Member
join:2006-02-15
united state

asa 5510 vpn question

Is it possible to set up 2 VPNs for a user? The reason I ask is that I have a client who wants split and non-split tunnels for their users. I see the need as if they are at home and want to print to a network they can, but still give them added security for public wifi concerns... Looking for ideas if anyone has anything.
aryoba
MVM
join:2002-08-22

I believe the only way that this would work is that there has to be two different user profiles for the same person, such as username admin and username guest, where the admin has the split tunnel feature while the other username does not. To simplify, you can keep the same password for both usernames, although it may be a less secure approach.

RyanG1
Premium Member
join:2002-02-10
San Antonio, TX

to smunro622
Something like this may help you:

group-policy split internal
group-policy split attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CLIENTVPN
 address-pools value IPPOOL
 
group-policy not-split internal
group-policy not-split attributes
 split-tunnel-policy tunnelall
 split-tunnel-network-list value CLIENTVPN
 address-pools value IPPOOL
 
tunnel-group split type remote-access
tunnel-group split general-attributes
 default-group-policy split
tunnel-group split ipsec-attributes
 pre-shared-key PSK_GOES_HERE
 
tunnel-group not-split type remote-access
tunnel-group not-split general-attributes
 default-group-policy not-split
tunnel-group not-split ipsec-attributes
 pre-shared-key PSK_GOES_HERE
 

Then, depending on which group username (profile) they use, they get all traffic tunneled or just a subset of traffic.

Ryan
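
An added example, not part of the posts above: a small Python audit that reads ASA configuration text and reports, for each tunnel-group, the default group-policy and the split-tunnel-policy a user of that profile ends up with. The function name `audit_split_tunnel` is hypothetical, the sample is a constructed copy of the posted config with the pre-shared-key lines left out, and a policy with no `split-tunnel-policy` line is reported as "inherited" rather than resolved.

```python
import re

# Constructed sample: the configuration from the post, without the PSK lines.
SAMPLE_CONFIG = """\
group-policy split internal
group-policy split attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CLIENTVPN
group-policy not-split internal
group-policy not-split attributes
 split-tunnel-policy tunnelall
 split-tunnel-network-list value CLIENTVPN
tunnel-group split type remote-access
tunnel-group split general-attributes
 default-group-policy split
tunnel-group not-split type remote-access
tunnel-group not-split general-attributes
 default-group-policy not-split
"""

def audit_split_tunnel(config):
    """Map each tunnel-group to (group-policy, split-tunnel-policy, network-list)."""
    policies, groups, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line: continue
        if not raw[0].isspace():          # unindented command opens a new section
            m = re.match(r"(group-policy|tunnel-group) (\S+) "
                         r"(attributes|general-attributes)$", line)
            section = (m.group(1), m.group(2)) if m else None
            continue
        if section is None: continue      # sub-command of a section we do not track
        kind, name = section
        words = line.split()
        if kind == "group-policy" and words[0] == "split-tunnel-policy":
            policies.setdefault(name, {})["policy"] = words[1]
        elif kind == "group-policy" and words[:2] == ["split-tunnel-network-list", "value"]:
            policies.setdefault(name, {})["acl"] = words[2]
        elif kind == "tunnel-group" and words[0] == "default-group-policy":
            groups[name] = words[1]
    report = {}
    for tg, gp in groups.items():
        p = policies.get(gp, {})
        # "inherited" means the policy does not set the value itself (assumption: not resolved here)
        report[tg] = (gp, p.get("policy", "inherited"), p.get("acl"))
    return report

if __name__ == "__main__":
    for tg, (gp, policy, acl) in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(f"{tg}: group-policy={gp} split-tunnel-policy={policy} network-list={acl}")
```

Any profile reported as `tunnelspecified` sends only the listed networks through the VPN, so those are the profiles to review when the concern is users on public wifi.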