03-19-2008 12:02 PM
Hi,
I am having a forest and trees problem here, I guess.
I had VPN access working at one point with local authentication. I could access everything on the inside. I then added RSA authentication and upgraded my client to version 4.8.
Now, for some reason, I can't access anything on the local network. I tried with my profile that uses local authentication, which had worked previously, and it does not work either.
I am attaching the "cleaned" config.
Can someone please help me find the forest in all the trees?
Thanks
03-20-2008 03:48 AM
You are having a problem with split tunneling.
As I can see from your configuration, it is showing me that you have this statement:
split-tunnel-policy tunnelall
You need to change it to tunnel specific networks: make an access-list for the networks that you want to access and call this access-list in the group policy.
Suppose you want to access the 172.0.0.0 subnet that is located behind the VPN device.
Make an access-list:
access-list split extended permit ip 172.0.0.0 255.0.0.0 any
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
Try this: disconnect the client and connect again, and it will definitely work. If you still have the problem, let me know, and please rate the post.
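The two policies discussed above pull in opposite security directions: tunnelall forces every packet from the client through the ASA, while tunnelspecified lets the remote host talk to the Internet directly at the same time it is on the corporate network. Before relaxing a group policy the way the reply suggests, it helps to see which policies are already split and whether the ACL each one references actually exists. The following is an added example, not code from this thread or from Cisco: a small Python checker that reads an ASA-style config (the embedded config is constructed, not the attached one) and reports the split-tunnel state of each group policy. It assumes the ASA default for a policy with no split-tunnel-policy line is tunnelall.

```python
import re

# Constructed sample in ASA 7.2 syntax; not the poster's attached config.
SAMPLE_CONFIG = """\
access-list split extended permit ip 172.0.0.0 255.0.0.0 any
group-policy vpn-local internal
group-policy vpn-local attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
group-policy vpn-rsa internal
group-policy vpn-rsa attributes
 split-tunnel-policy tunnelall
group-policy vpn-test internal
group-policy vpn-test attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missing-acl
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
GP_ATTR_RE = re.compile(r"^group-policy\s+(\S+)\s+attributes$")


def parse_config(text):
    """Return (acls, policies): ACL name -> entries, policy name -> split settings."""
    acls = {}
    policies = {}
    current = None  # name of the group-policy whose attributes block we are in
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2))
            current = None
            continue
        m = GP_ATTR_RE.match(line)
        if m:
            current = m.group(1)
            policies[current] = {"policy": None, "acl": None}
            continue
        if current is not None and line.startswith(" "):
            parts = line.split()
            if parts[0] == "split-tunnel-policy" and len(parts) == 2:
                policies[current]["policy"] = parts[1]
            elif parts[:2] == ["split-tunnel-network-list", "value"] and len(parts) == 3:
                policies[current]["acl"] = parts[2]
        else:
            current = None  # any unindented line ends the attributes block
    return acls, policies


def audit(acls, policies):
    """Return a list of (policy, severity, message) findings."""
    findings = []
    for name, p in policies.items():
        pol = p["policy"]
        if pol is None or pol == "tunnelall":
            # Assumed ASA default when the line is absent: tunnelall.
            findings.append((name, "ok", "all client traffic goes through the tunnel"))
        elif pol == "tunnelspecified":
            acl = p["acl"]
            if acl is None:
                findings.append((name, "error", "tunnelspecified but no split-tunnel-network-list"))
            elif acl not in acls:
                findings.append((name, "error", f"split-tunnel-network-list '{acl}' is not defined"))
            else:
                findings.append((name, "warn", f"split tunnel via ACL '{acl}': " + "; ".join(acls[acl])))
        else:
            findings.append((name, "warn", f"split-tunnel-policy {pol}"))
    return findings


if __name__ == "__main__":
    for policy, severity, msg in audit(*parse_config(SAMPLE_CONFIG)):
        print(f"[{severity}] {policy}: {msg}")
```

Run against a saved `show running-config`, the "error" findings point at exactly the kind of mismatch that leaves a client connected but unable to reach anything, and the "warn" findings list every policy where the client is simultaneously on two networks.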
03-20-2008 06:04 AM
Sorry, your solution does not work either.
I do not want split tunneling; I want to tunnel everything. I tried your suggestion and configured the split tunnel, and I cannot access anything when connected, outside or inside. I am beginning to think there is a bug in the firewall code version 7.2(3).
03-20-2008 09:29 AM
Strange, I am currently running the same split tunneling configuration and it is working for me.
I have a firewall with 7.2(3)8 IOS and I have found a bug, but that was with dhcprelay, not split tunneling.
Cisco TAC is still fixing the bug. You can change the IOS and then try.
03-20-2008 10:28 AM
Interesting: I just deleted all the VPN config and then put it back using the GUI, same as before, and I have access using my locally authenticated account again. I built the tunnel for the RSA authenticated users, but I don't have the token available to test it at the moment. But the point is, I have basically the same exact config, minus two test tunnels, and I have VPN access. Not sure what got hosed, but I suspect some sort of bug. Thanks for your help.