06-24-2008 10:15 PM - edited 03-11-2019 06:04 AM
Hi,
We have a LAN-to-LAN VPN from our office to the head office in the US. We have servers in the US located in the DMZ, i.e. database and web hosting. We have also enabled remote access VPN for our clients who want to access these servers. When they are connected to the remote access VPN, their local LAN gets disconnected. I tested from our office and saw the same issue using the remote access VPN. I am attaching the configuration file of the firewall in the US.
06-24-2008 10:45 PM
Go over this link for local lan access while VPNing.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml
HTH
-Jorge
06-29-2008 10:05 PM
Hi Jorge,
First, thanks.
I am able to access the local LAN, i.e. printing, using the link you gave,
but I am not able to access the internet. I think that to go to the internet it is not able to understand which default gateway it should use.
I want both to work.
Please find the latest FW configuration.
06-30-2008 02:57 AM
Dear,
1. Just remove "any" from your split tunnel ACL, mention the networks of your secure networks, and then call it in the group policy with the tunnel specified option.
2. Remove dns-server value 202.138.96.2 202.138.96.100.
Regards,
06-30-2008 03:21 AM
Hi,
Can you please explain in brief? I am not getting it.
06-30-2008 03:58 AM
Just remove the existing one and add the following:
1. access-list testingKowa_splitTunnelAcl extended permit ip (your server ip and mask) 192.168.1.0 255.255.255.0
2. Call this ACL in your active group policy:
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testingKowa_splitTunnelAcl
3. group-policy CiscoASA attributes
no dns-server value 202.138.96.2 202.138.96.100
06-30-2008 04:26 AM
Local Lan ip: 192.168.130.0/24
VPN Pool ip: 192.168.1.0/24
Will there be any impact if I use no dns-server value 202.138.96.2 202.138.96.100?
I ask because I am accessing the FW through the L2L VPN.
06-30-2008 04:44 AM
OK, just do it without removing DNS.
06-30-2008 04:53 AM
I tried; the internet is working but my local LAN is not working. I want both to work simultaneously.
06-30-2008 05:17 AM
07-01-2008 10:13 PM
Hi,
My problem got resolved, and thanks to all who supported me in fixing this. Below are the changes I made:
1. access-list Bangalore-Lan standard permit 0.0.0.0 255.0.0.0
2. I didn't remove the DNS settings
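Added example, not part of any post in this thread and not Cisco's code: a Python check for the advice above to drop "any" from the split-tunnel ACL and list only the secured networks. It reads ASA configuration text and reports, per group policy, split-tunnel ACL entries broader than a chosen prefix length; the sample configuration is constructed, and the 10.20.30.0/24 network, the Servers/Hardened names and the /16 threshold are assumptions.

```python
import ipaddress

# Constructed sample (not the poster's file); 10.20.30.0/24, Servers, Hardened are hypothetical.
SAMPLE = """\
access-list testingKowa_splitTunnelAcl extended permit ip any 192.168.1.0 255.255.255.0
access-list Servers_splitTunnelAcl standard permit 10.20.30.0 255.255.255.0
group-policy CiscoASA attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value testingKowa_splitTunnelAcl
group-policy Hardened attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Servers_splitTunnelAcl
"""

def first_network(spec):
    """Parse the first address spec of an ACE: any | host A | A MASK."""
    if spec[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if spec[0] == "host":
        return ipaddress.ip_network(spec[1] + "/32")
    return ipaddress.ip_network(f"{spec[0]}/{spec[1]}", strict=False)

def audit(config, min_prefix=16):
    """Return {group-policy: [findings]}; an empty list means nothing flagged."""
    acls, policies, current = {}, {}, None
    for line in filter(str.strip, config.splitlines()):   # skip blank lines
        tok = line.split()
        if not line[0].isspace():          # a top-level command ends a block
            current = None
            if tok[0] == "access-list" and tok[3:4] == ["permit"]:
                spec = tok[5:] if tok[2] == "extended" else tok[4:]
                acls.setdefault(tok[1], []).append(first_network(spec))
            elif tok[0] == "group-policy" and tok[-1] == "attributes":
                current = policies.setdefault(tok[1], {})
        elif current is not None and tok[0].startswith("split-tunnel-"):
            current[tok[0]] = tok[-1]      # policy keyword or ACL name
    report = {}
    for name, gp in policies.items():
        if gp.get("split-tunnel-policy") != "tunnelspecified":
            report[name] = ["split-tunnel-policy is not tunnelspecified"]
            continue
        acl = gp.get("split-tunnel-network-list")
        report[name] = [f"{acl}: {net} is broader than /{min_prefix}"
                        for net in acls.get(acl, []) if net.prefixlen < min_prefix]
    return report

if __name__ == "__main__":
    for policy, findings in audit(SAMPLE).items():
        print(policy, findings or "ok")
```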