Split-Tunneling Question

Nov 19th, 2007

I added the commands to my config to enable split tunneling. Now I can access the Internet while VPN'd in but not the network. I've attached a sanitized config. Can you please let me know where it is wrong? Thank you.

kagodfrey Tue, 11/20/2007 - 00:18

Hi Thomas

It's difficult to say for sure without knowing what was originally behind the xxx'd out address, but as you have xxx'd out your outside address as well I wonder whether your split tunnel ACL is correct? Split tunnel "permit"s should be configured to allow data from the VPN client's IP address range across the VPN to the desired internal destination, therefore it should be permitting your inside network. The VPN client will then send traffic destined for your internal network down the VPN and route other traffic out of the VPN user's Internet connection as normal.

HTH

Kev

thomas.reiling Tue, 11/20/2007 - 04:05

Thanks, Kev. What was behind the original xxx's is the private network address that my PC has before I fire up the tunnel. It's a 10.x.x.x address.

kagodfrey Tue, 11/20/2007 - 08:31

Hi Thomas

That will most likely be it then. The ACL should be in the form permit ip inside_subnet inside_mask vpnIPrange_subnet vpnIPrange_mask. In your case that would be:

access-list SPLIT-TUNNEL permit ip 192.168.41.0 255.255.255.0 192.168.46.0 255.255.255.0

and with that you should be able to access your internal network via the VPN whilst still being able to access the internet locally.

HTH

Kev
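
Added example, not part of the original thread or of any Cisco tooling: a small Python model of the client's routing decision under the ACL form Kev gives, comparing an ACL that permits the client's own pre-tunnel LAN with the corrected one. The 10.1.1.0/24 network, the two test hosts and all function names are constructed assumptions (the thread only says the original address was 10.x.x.x).

```python
import ipaddress

def tunneled_networks(acl_lines):
    """Networks the VPN client routes into the tunnel.

    Expects the form from the thread:
      access-list NAME permit ip inside_subnet inside_mask vpn_subnet vpn_mask
    The first subnet/mask pair is what gets tunneled.
    """
    nets = []
    for line in acl_lines:
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        # ip_network accepts a dotted netmask after the slash
        nets.append(ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))
    return nets

def path_for(dest, nets):
    """'tunnel' if dest falls in a split-tunnel network, else 'local'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in n for n in nets) else "local"

def report(acl_lines, dests):
    """Map each destination to the path the client would choose."""
    nets = tunneled_networks(acl_lines)
    return {d: path_for(d, nets) for d in dests}

# Constructed: ACL permitting the client's pre-tunnel LAN (assumed 10.1.1.0/24)
BROKEN = ["access-list SPLIT-TUNNEL permit ip 10.1.1.0 255.255.255.0 "
          "192.168.46.0 255.255.255.0"]
# The corrected line from the thread
FIXED = ["access-list SPLIT-TUNNEL permit ip 192.168.41.0 255.255.255.0 "
         "192.168.46.0 255.255.255.0"]

INSIDE_HOST = "192.168.41.10"   # constructed host on the inside network
INTERNET_HOST = "198.51.100.7"  # constructed, documentation address range

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, report(acl, [INSIDE_HOST, INTERNET_HOST]))
```

With the first ACL, traffic to the inside host takes the local path and never enters the tunnel, which matches the symptom in the original question; with the corrected ACL only the inside network is tunneled and everything else still leaves through the user's own connection.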
