VPN client

Unanswered Question
Feb 12th, 2007

I recently upgraded to Cisco ASA. I configured users to connect through client VPN. On my laptop I installed the VPN client software. When I connect to the ASA I receive the banner that I made to verify connection and it shows as connected. After I connect I cannot ping or access the Internet. When I disconnect from the VPN, I am able to access Internet resources again, but still not able to access files at my sites.???

dtooth71 Mon, 02/12/2007 - 13:16

A config of the ASA? Bear with me, I am new to the Cisco world.

ggilbert Mon, 02/12/2007 - 14:35

Yes, the config of the ASA would help us out.

"sh run"

In order for you to access the Internet while connected through the VPN, you would need to do split tunneling, or if you want to access the Internet via the ASA, that can be done as well.

Cheers

Gilbert

Kamal Malhotra Mon, 02/12/2007 - 17:09

Hi,

It seems that you need to configure split-tunnel. If you are configuring through the GUI (ASDM), then do the following:

1. Go to Configuration -> VPN -> General -> Group Policy.

2. Select the Group Policy you are using and click 'Edit'.

3. Go to Client Configuration -> General Client Parameters.

4. Make sure that the 'Inherit' against the Split Tunnel Policy and Split Tunnel Network List are unchecked.

5. Against Split Tunnel Policy select 'Tunnel Network List Below'.

6. Against Split Tunnel Network List make sure 'none' is selected and then click Manage.

7. Under Standard ACL, click Add.

8. Define a name.

9. Right click the ACL you created and click Add ACE.

10. Define the local network behind the ASA. Make sure that the network address and the mask are correct.

11. Click OK. Click OK. Click Apply and you are done.

If you are using the CLI, then do the following:

(config)#access-list split permit ip any

(config)#group-policy attributes

(config-group-policy)#split-tunnel-policy tunnelspecified

(config-group-policy)#split-tunnel-network-list value split

HTH,

Regards,

Kamal

Kamal Malhotra Mon, 02/12/2007 - 17:11

Small correction:

(config)#access-list split permit ip any

should be

(config)#access-list split standard permit ip
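
The split-tunnel steps from the replies above, written out as one complete CLI fragment. This is an added example, not configuration posted in the thread; the group-policy name EXAMPLE_POLICY, the ACL name SPLIT_TUNNEL and the network 192.168.10.0 255.255.255.0 are placeholders, and the group policy is assumed to exist already.

```cisco
! --- Before: default policy, all client traffic enters the tunnel ---
! (this is why the Internet is unreachable while the VPN is up)
! group-policy EXAMPLE_POLICY attributes
!  split-tunnel-policy tunnelall
!
! --- After: only the listed internal network is tunnelled ---
! Standard ACL naming the network behind the ASA (placeholder values).
access-list SPLIT_TUNNEL standard permit 192.168.10.0 255.255.255.0
!
! Attach the ACL to the group policy the VPN users land in (placeholder name).
group-policy EXAMPLE_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! --- Check from exec mode that both pieces are in the running config ---
! show running-config access-list SPLIT_TUNNEL
! show running-config group-policy EXAMPLE_POLICY
```

Keep the list to the internal networks users actually need: with tunnelspecified, all other traffic leaves the client directly and is not inspected by the ASA. Clients pick up the new policy the next time they connect.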
