09-16-2008 06:12 PM
I am trying to set up a VPN connection to allow clients to access the internal network. I have tried using the VPN wizard time & time again but client will connect but can get out to the internet & communicate with any host on the network. I have tried using a DHCP VPN pool in either the 192.x.x.x or the 10.10.1.X network but no luck.
Any comments or suggestions appreciated.
09-16-2008 10:09 PM
To solve your problem you need split tunneling.
With split tunneling you're going to include what should be tunneled over VPN; anything else will go to the normal client setting, like the default gateway for internet.
do:
access-list Split_Tunnel_List standard permit 192.168.1.0 255.255.255.0
group-policy VPNT attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_List
So only traffic included in ACL Split_Tunnel_List will be included in the VPN tunnel; anything else, as mentioned, will use the normal PC setting.
Use the following link as a reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
good luck
if helpful rate
09-17-2008 12:28 PM
Hi Marwan,
Let me try as you said & will give you an update.
Thanks for your input!
09-17-2008 01:24 PM
Hi Marwan,
The commands that you suggested did work out great! When I VPN into the ASA, I am able to get out to the internet. The only other issue is that I can not ping or access any of the hosts on the 192.168.1.0 network. How do I go about doing this? What I want to accomplish is access some network drives on a Microsoft Windows 2003 server.
Thanks in advance.
Manny
Thanks.
09-17-2008 01:26 PM
One other quick question, how do I increase the time the VPN session times out? As of right now, it times out at about 10 minutes.
Thanks.
09-17-2008 03:47 PM
09-17-2008 09:52 PM
What's the reason for those commands?
nat (Outside) 0 access-list policyPAT
nat (Outside) 5 10.10.1.0 255.255.255.0
If there is no specific reason, remove them
and put the following command:
sysopt connection permit-ipsec
in global configuration mode to allow the VPN traffic to bypass interface access lists
good luck
if helpful Rate
09-18-2008 05:50 AM
I will try it out & give you the results.
Thanks for your efforts by the way.
09-18-2008 07:00 AM
Hi Marwan,
Your suggestions worked out great & I am able to access the internet & network drives on the 192.168.1.0 network. I removed the 2 commands & inserted the sysopt connection permit-ipsec command. It worked without the sysopt command but I inserted it anyways because from my understanding it permits IPsec traffic without checking the ACLs?
Anyways thank you so much for all your help.
Manny
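An added example, not part of any post in this thread: a small Python check that reads an ASA configuration and reports, for each group-policy, which networks are tunneled, and whether `sysopt connection permit-ipsec` (or the `permit-vpn` form used on later ASA software) lets VPN traffic bypass interface access lists. The sample config is constructed, it assumes the indented sub-command layout of a running-config, and the function name and the `ALLTUNNEL` policy are hypothetical.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); ACL and VPNT names follow the posts above.
SAMPLE_CONFIG = """\
access-list Split_Tunnel_List standard permit 192.168.1.0 255.255.255.0
group-policy VPNT internal
group-policy VPNT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
group-policy ALLTUNNEL attributes
 split-tunnel-policy tunnelall
sysopt connection permit-ipsec
"""

def audit_split_tunnel(config):
    """Return (policies, acl_bypass): tunnel scope per group-policy, and
    whether decrypted VPN traffic skips the interface ACLs."""
    acls, policies, current = {}, {}, None
    acl_bypass = False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\S+) standard permit (\S+) (\S+)$", line)
        if m:  # network + netmask form only; 'host' and 'any' are not handled
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            acls.setdefault(m.group(1), []).append(str(net))
            continue
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = policies.setdefault(m.group(1), {"policy": None, "acl": None})
            continue
        if not raw.startswith(" "):
            current = None  # an unindented line ends the group-policy sub-mode
        if current is not None and line.startswith("split-tunnel-policy "):
            current["policy"] = line.split()[1]
        elif current is not None and line.startswith("split-tunnel-network-list value "):
            current["acl"] = line.split()[2]
        elif re.match(r"sysopt connection permit-(ipsec|vpn)$", line):
            acl_bypass = True  # a leading 'no' does not match, so the negated form is ignored
    for p in policies.values():  # resolve ACL names after the whole file is read
        p["networks"] = acls.get(p["acl"], [])
    return policies, acl_bypass

if __name__ == "__main__":
    found, bypass = audit_split_tunnel(SAMPLE_CONFIG)
    for name, p in found.items():
        print(name, p["policy"], p["networks"])
    print("VPN traffic bypasses interface ACLs:", bypass)
```

When the bypass is reported, access for VPN clients is limited by the split-tunnel list and any VPN filter rather than by the interface ACLs, so the tunneled networks are worth reviewing.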