10-02-2007 08:07 AM - edited 03-11-2019 04:19 AM
Hi
I'm trying to enable split tunnelling but what appears to happen at the moment is that I can access the VPN.
At that point I still have external internet access.
When I actually connect to the server then I lose internet access.
I've attached my config file to see if someone can spot what is probably an obvious mistake.
thanks in advance
suzanne
10-02-2007 08:49 AM
access-list nonat permit ip
nat (inside) 0 access-list nonat
One other thing I noticed is that the vpn pool is part of the inside network. It is not advised to have this configuration. The vpn pool should have a completely different subnet. For example...
ip local pool george4vpn 192.168.20.200-192.168.20.230
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat
Also, if you want split tunnel then acl 120 should read...
access-list 120 permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
Hope this helps. Please rate helpful posts.
10-02-2007 08:46 AM
Hi
I think this isn't a split tunnel problem.
The issue is I can bring up a webpage but not access remote desktop or any other server services. When I look at the vpn stats on the remote connection there are none received although plenty are being sent.
Thanks
Suzanne
10-09-2007 01:50 AM
Hi
Thanks for the help, and my apologies for taking so long to say thank you. It was all resolved last week.
Can I ask why you say the vpn pool should be on a completely different subnet? It works but I'm curious as to why this would be necessary.
Thanks
Suzanne
10-09-2007 05:12 AM
Suzanne, the pool needs to be unique so the firewall knows where to route the packets; you cannot have two identical subnets in existence within a network ~ bad things will happen.
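An added check, not from the thread or from Cisco, that reads a constructed PIX-style config fragment and flags the two points the accepted answer makes: a VPN pool carved out of the inside subnet, and nonat or split-tunnel ACLs that do not cover the pool. The `ip address inside` line, the pool name and the ACL names are assumptions modelled on the answer.

```python
import ipaddress
import re

# Constructed PIX-style fragment modelled on the accepted answer; not the poster's attachment.
GOOD_CONFIG = """\
ip address inside 192.168.10.1 255.255.255.0
ip local pool george4vpn 192.168.20.200-192.168.20.230
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list 120 permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
"""

# Same fragment with the pool taken from the inside subnet, the mistake the thread describes.
BAD_CONFIG = GOOD_CONFIG.replace("192.168.20.200-192.168.20.230", "192.168.10.200-192.168.10.230")

INSIDE_RE = re.compile(r"^ip address inside (\S+) (\S+)")
POOL_RE = re.compile(r"^ip local pool \S+ (\S+)-(\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)")


def parse(text):
    """Return (inside network, (first, last) pool addresses, {acl name: [destination networks]})."""
    inside, pool, acls = None, None, {}
    for line in text.splitlines():
        if m := INSIDE_RE.match(line):
            inside = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := POOL_RE.match(line):
            pool = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
        elif m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[4]}/{m[5]}", strict=False))
    return inside, pool, acls


def pool_overlaps_inside(text):
    """True when either end of the VPN pool falls inside the inside interface's subnet."""
    inside, (first, last), _ = parse(text)
    return first in inside or last in inside


def acl_reaches_pool(text, acl_name):
    """True when some entry of the named ACL has a destination covering the whole pool range."""
    _, (first, last), acls = parse(text)
    return any(first in net and last in net for net in acls.get(acl_name, []))


def lint(text, split_acl="120"):
    """Run the thread's checks; an empty list means the fragment passes."""
    findings = []
    if pool_overlaps_inside(text):
        findings.append("vpn pool overlaps the inside subnet; use a separate subnet")
    for name in ("nonat", split_acl):
        if not acl_reaches_pool(text, name):
            findings.append(f"access-list {name} does not cover the vpn pool")
    return findings
```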