VPN client connected but not passing traffic

jdedon
Level 1

Hi,

I am having a forest and trees problem here I guess.

I had VPN access working at one point with local authentication. I could access everything on the inside. I then added RSA authentication and upgraded my client to version 4.8.

Now for some reason, I can't access anything on the local network. I tried with my profile that uses local authentication that had worked previously and it does not work either.

I am attaching the "cleaned" config.

Can someone please help me find the forest in all the trees?

Thanks


wasiimcisco
Level 1

You are having a problem with split tunneling.

As I can see from your configuration, it shows that you have this statement:

split-tunnel-policy tunnelall

You need to change this to tunnel specific networks, make an access-list for the networks that you want to access, and call this access-list in the group policy.

Suppose you want to access the 172.0.0.0 subnet that is located behind the VPN device.

Make an access-list:

access-list split extended permit ip 172.0.0.0 255.0.0.0 any

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split

Try this: disconnect the client and connect again, and it will definitely work. If you still have the problem, let me know, and please rate the post.

Sorry your solution does not work either.

I do not want split tunneling, I want to tunnel everything. I tried your suggestion and configured the split tunnel and I cannot access anything when connected, outside or inside. I am beginning to think there is a bug in the firewall code version 7.2(3).

Strange, I am currently running the same split tunneling configuration and it is working for me.

I have a firewall with 7.2(3)8 IOS and I have found a bug, but that was with dhcprelay, not split tunneling.

Cisco TAC is still fixing the bug. You can change the IOS and then try.

Interesting that I just deleted all VPN config and then put it back using the GUI, same as before, and I have access using my locally authenticated account again. I built the tunnel for the RSA authenticated users, but I don't have the token available to test it at the moment. But the point is, I have basically the same exact config minus two test tunnels and I have VPN access. Not sure what got hosed, but I suspect some sort of bug. Thanks for your help.
