03-19-2008 12:02 PM
Hi,
I am having a forest and trees problem here I guess.
I had VPN access working at one point with local authentication. I could access everything on the inside. I then added RSA authentication and upgraded my client to version 4.8.
Now for some reason, I can't access anything on the local network. I tried with my profile that uses local authentication that had worked previously and it does not work either.
I am attaching the "cleaned" config.
Can someone please help me find the forest in all the trees?
Thanks
03-20-2008 03:48 AM
You are having a problem with split tunneling.
As I can see from your configuration, it is showing me that you have this statement:
split-tunnel-policy tunnelall
You need to change it to tunnel specific networks: make an access-list for the networks that you want to access and call this access-list in the group policy.
Suppose you want to access the 172.0.0.0 subnet that is located behind the VPN device.
Make an access-list:
access-list split extended permit ip 172.0.0.0 255.0.0.0 any
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
Try this: disconnect the client and connect again, and it will definitely work. If you still have the problem, let me know, and please rate the post.
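The three ASA split-tunnel policies behave differently for a given destination, which is the crux of the disagreement in this thread. The following is an added example (not from the thread or from Cisco) that parses the three configuration lines suggested above and evaluates whether a destination would be sent through the tunnel; it assumes the ACL name "split" from the post and handles only `permit ip <net> <mask> any` entries.

```python
import ipaddress

# Constructed sample: the split-tunnel lines suggested in the post above.
# The ACL name "split" is the one the poster chose; only "permit" entries
# are modelled here (deny entries and named objects are not handled).
SAMPLE_CONFIG = """
access-list split extended permit ip 172.0.0.0 255.0.0.0 any
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
"""

def parse_split_tunnel(config_text):
    """Return (policy, networks) for the split-tunnel ACL a group policy references.

    With no split-tunnel-policy line the ASA default of tunnelall is assumed.
    """
    acls, policy, acl_name = {}, "tunnelall", None
    for line in config_text.splitlines():
        parts = line.split()
        if parts[:1] == ["access-list"] and "permit" in parts and "ip" in parts:
            # access-list <name> extended permit ip <network> <mask> any
            i = parts.index("ip")
            net = ipaddress.ip_network(f"{parts[i + 1]}/{parts[i + 2]}", strict=False)
            acls.setdefault(parts[1], []).append(net)
        elif parts[:1] == ["split-tunnel-policy"]:
            policy = parts[1]
        elif parts[:2] == ["split-tunnel-network-list", "value"]:
            acl_name = parts[2]
    return policy, acls.get(acl_name, [])

def goes_through_tunnel(policy, networks, destination):
    """Decide whether traffic to `destination` is tunneled under the policy."""
    dst = ipaddress.ip_address(destination)
    matched = any(dst in net for net in networks)
    if policy == "tunnelall":          # everything, including Internet, via the tunnel
        return True
    if policy == "tunnelspecified":    # only the ACL networks via the tunnel
        return matched
    if policy == "excludespecified":   # everything except the ACL networks
        return not matched
    raise ValueError(f"unknown split-tunnel-policy {policy!r}")

if __name__ == "__main__":
    policy, nets = parse_split_tunnel(SAMPLE_CONFIG)
    for dst in ("172.16.5.9", "8.8.8.8"):
        print(policy, dst, "tunneled" if goes_through_tunnel(policy, nets, dst) else "local")
```

Note that with tunnelspecified a host outside the ACL, such as a public Internet address, leaves the client directly, so the poster's later report of losing all access is not what the split policy itself would cause.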
03-20-2008 06:04 AM
Sorry your solution does not work either.
I do not want split tunneling, I want to tunnel everything. I tried your suggestion and configured the split tunnel and I cannot access anything when connected, outside or inside. I am beginning to think there is a bug in the firewall code version 7.2(3).
03-20-2008 09:29 AM
Strange, I am currently running the same split tunneling configuration and it is working for me.
I have a firewall with 7.2(3)8 IOS and I have found a bug, but that was with dhcprelay, not split tunneling.
Cisco TAC is still fixing the bug. You can change the IOS and then try.
03-20-2008 10:28 AM
Interesting that I just deleted all the VPN config and then put it back using the GUI, same as before, and I have access using my locally authenticated account again. I built the tunnel for the RSA authenticated users, but I don't have the token available to test it at the moment. But the point is, I have basically the same exact config minus two test tunnels and I have VPN access. Not sure what got hosed, but I suspect some sort of bug. Thanks for your help.