VPN Split Tunneling

Unanswered Question
Feb 1st, 2009

I have 2 queries on RAS VPN connection.

1. I have configured 2 PCs to connect to the VPN server, which are connected through an ADSL NAT connection. I have 2 VPN servers configured, one as primary and another as backup. It seems like both the clients cannot connect to the same VPN server at a time. One goes to primary and another goes to secondary. I want both the PCs to connect to the same server. What is going wrong?

2. I have my Remote Access VPN setup configured on Cisco VPN Concentrator. 2 VPN servers in the same segment. All the clients connect to the internet and then connect to the VPN server using Cisco VPN clients without any issues. Once connected to the VPN server they will get a private IP for their VPN clients. Each VPN server will assign the IPs from unique subnets to the client.

VPN Server1-----------Assign client IP 10.0.0.0/255
VPN Server2-----------Assign client IP 11.0.0.0/255

The LAN subnet IP of all the clients is 192.168.2.0/24 and they are connected to the same switch without any VLANs.

Now some of my VPN clients need to connect to other VPN clients by their LAN IP when they are connected to VPN.

I configured "Allow Local LAN Access" on the VPN client, and on the VPN server I enabled "Allow the networks in list to bypass the tunnel" and selected "VPN Client Local LAN".

Even though all the clients are in the same subnet they cannot connect.

When I checked the VPN Client Statistics it shows both the Local LAN route 192.168.2.0/24 as well as Secured routes as 0.0.0.0.

What is going wrong with my setup?

I have followed the below link for configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00806f34e6.shtml

aghaznavi Tue, 02/10/2009 - 08:01

It sounds like you are running into a PAT limitation of this particular DSL device. If they utilize standards-based NAT-T (as opposed to IPsec/UDP or ESP mode) or IPsec/TCP, both of these should be a workaround for this problem.

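The PAT limitation named in the reply above, as an added example that is not part of the original thread: a simplified model of a PAT router, showing why two inside clients sending native ESP cannot share one VPN server while NAT-T (ESP inside UDP 4500) lets both reach it. The `PatDevice` class, `connect_clients` function and all addresses are assumptions constructed for illustration, and real devices differ in how they track ESP.

```python
from dataclasses import dataclass, field

ESP = "esp"  # IP protocol 50: carries no port numbers for PAT to rewrite
UDP = "udp"  # NAT-T wraps ESP in UDP 4500, so PAT can rewrite the source port


@dataclass
class PatDevice:
    """Hypothetical, simplified PAT router (not any vendor's implementation)."""
    public_ip: str
    next_port: int = 40000
    port_map: dict = field(default_factory=dict)  # public port -> (inside ip, inside port)
    esp_map: dict = field(default_factory=dict)   # remote peer -> the one inside ip it maps to

    def outbound(self, proto, inside_ip, remote_ip, src_port=None):
        """Create a translation; return its key, or None if the flow cannot be tracked."""
        if proto == ESP:
            # Return traffic from remote_ip has no port to demultiplex on,
            # so only one inside host can own ESP to a given peer.
            owner = self.esp_map.setdefault(remote_ip, inside_ip)
            return (ESP, remote_ip) if owner == inside_ip else None
        public_port = self.next_port
        self.next_port += 1
        self.port_map[public_port] = (inside_ip, src_port)
        return (UDP, public_port)

    def inbound(self, proto, remote_ip, dst_port=None):
        """Return the inside host a reply is delivered to, or None."""
        if proto == ESP:
            return self.esp_map.get(remote_ip)
        entry = self.port_map.get(dst_port)
        return entry[0] if entry else None


def connect_clients(use_nat_t):
    """Each client tries the primary server first, then the backup."""
    nat = PatDevice("203.0.113.10")              # constructed documentation addresses
    servers = ["198.51.100.1", "198.51.100.2"]   # primary, backup (constructed)
    result = {}
    for client in ["192.168.2.11", "192.168.2.12"]:
        for server in servers:
            proto, port = (UDP, 4500) if use_nat_t else (ESP, None)
            if nat.outbound(proto, client, server, port) is not None:
                result[client] = server
                break
    return result


if __name__ == "__main__":
    print("native ESP:", connect_clients(use_nat_t=False))
    print("NAT-T     :", connect_clients(use_nat_t=True))
```

With native ESP the model reproduces the symptom from the question: the second client falls through to the backup server.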