
Cisco Vpn Client Not Assigned Default Gateway

exonetinf1nity
Level 1

Greetings, I'm having problems obtaining a default gateway for a VPN client.

IKE Phase 1 and 2 run through correctly and I have specified a split tunnel list for the inside network I wish to encrypt.

The inside networks consist of several sub interfaces which also route traffic between themselves. As advised by another member, for this to work I have added a NAT exempt statement for the internal network as below.

    interface Ethernet0/1
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/1.101
     vlan 101
     nameif access
     security-level 100
     ip address 172.29.255.1 255.255.255.0
    !
    interface Ethernet0/1.102
     vlan 102
     nameif voice
     security-level 100
     ip address 172.28.255.1 255.255.255.0
    !
    interface Ethernet0/1.103
     vlan 103
     nameif branch
     security-level 100
     ip address 172.27.255.1 255.255.255.0
    !
    interface Ethernet0/1.104
     vlan 104
     nameif remote
     security-level 100
     ip address 172.26.255.1 255.255.255.0
    !
    interface Ethernet0/1.998
     vlan 998
     nameif guest
     security-level 25
     ip address 172.30.255.1 255.255.255.0
    !
    interface Ethernet0/1.999
     vlan 999
     nameif native
     security-level 100
     ip address 172.31.255.1 255.255.255.0
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    access-list exempt_nat0_outbound extended permit ip 172.24.0.0 255.248.0.0 172.24.0.0 255.248.0.0
    !
    global (outside) 1 interface
    nat (access) 0 access-list exempt_nat0_outbound
    nat (access) 1 172.29.255.0 255.255.255.0
    nat (voice) 0 access-list exempt_nat0_outbound
    nat (branch) 0 access-list exempt_nat0_outbound
    nat (remote) 0 access-list exempt_nat0_outbound
    nat (guest) 1 172.30.255.0 255.255.255.0
    nat (native) 0 access-list exempt_nat0_outbound
    nat (native) 1 172.31.255.0 255.255.255.0

My split tunnel list includes just the "Access network" on 172.29.255.0/24. I have also tried removing all the NAT statements bar a single exempt for the access network.

Any suggestions would be most welcome.

2 Replies

andrew.prince
Level 10

When you connect and have a successful VPN connection - you will not get a default gateway for the VPN connection, as the traffic is routed via the local virtual VPN adapter.

HTH.

Ah OK, makes sense, I'll check back on the firewall and see if NAT is causing a problem.

Cheers for the response.

Regards
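
An added example, not part of the thread or written by its participants: a small Python model of the two points discussed above, a split-tunnel client choosing its adapter by longest-prefix match (so the VPN adapter needs no default gateway) and whether a flow falls inside the `exempt_nat0_outbound` range. The client addresses and the local gateway are constructed values; the thread does not give the VPN pool.

```python
import ipaddress

# From the post: the split-tunnel list holds only the "access" network.
SPLIT_TUNNEL = ["172.29.255.0/24"]
# From the post: exempt_nat0_outbound permits 172.24.0.0 255.248.0.0 to itself.
NAT_EXEMPT = ipaddress.ip_network("172.24.0.0/255.248.0.0")


def client_routes(split_tunnel, local_gw="192.168.1.1"):
    """Model of a split-tunnel client's route table (local_gw is constructed)."""
    # The physical adapter keeps the only default route.
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "local", local_gw)]
    # The VPN adapter gets one specific route per split-tunnel entry, no gateway.
    routes += [(ipaddress.ip_network(n), "vpn", None) for n in split_tunnel]
    return routes


def pick_adapter(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def nat_exempt(src, dst):
    """True when both addresses fall inside the exempt_nat0_outbound range."""
    return all(ipaddress.ip_address(a) in NAT_EXEMPT for a in (src, dst))


def check_flow(client_ip, inside_ip):
    """Report how a client reaches inside_ip and whether replies skip NAT."""
    routes = client_routes(SPLIT_TUNNEL)
    return {
        "adapter": pick_adapter(routes, inside_ip),
        # Replies travel inside host -> client, so that is the direction tested.
        "nat_exempt": nat_exempt(inside_ip, client_ip),
    }


if __name__ == "__main__":
    # Constructed client addresses: one inside 172.24.0.0/13, one outside it.
    for client in ("172.29.254.10", "10.10.10.5"):
        print(client, check_flow(client, "172.29.255.20"))
    # The voice network is not in the split-tunnel list, so it stays local.
    print(pick_adapter(client_routes(SPLIT_TUNNEL), "172.28.255.20"))
```

A client address for which `nat_exempt` is False is not covered by the `nat ... 0` statements in the post, which is the NAT check the last reply mentions.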
