Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
3
Replies

Cannot connect to internet while VPN to network.

Go to solution
gaban
Level 1
Level 1

‎12-02-2002 04:20 PM - edited ‎02-21-2020 12:12 PM

I have a dsl account and when I vpn in to our network using cisco vpn client to vpn 3015 I cannot access the internet anymore locally. I have to use our network internal proxy server. Is there a way to do the vpn tunnel but also use the local DSL internet connection for browsing?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎12-02-2002 04:32 PM

You need to set up split tunnelling, so that only certain packets are sent across the tunnel, the rest go out in the clear just as normal packets.

In the 3015 create a Network List under Config - Policy Mgmt - Traffic Mgmt - Network List, this list will include your internal networks (traffic you want to be tunnelled). Then go under the Group that the client is connecting to, under the Client Config tab, select Only tunnel networks in the list and select your list in the drop-down box. Reconnect and you're good to go.

Keep in mind split-tunnelling is considered somewhat of a security risk seeing as your PC is now accessable from the Internet AND you have a VPN straight into your internal network. If someone can take over your PC then they have access to everything. You might want to also look into enabling the client firewall stuff as well.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎12-02-2002 04:32 PM

You need to set up split tunnelling, so that only certain packets are sent across the tunnel, the rest go out in the clear just as normal packets.

In the 3015 create a Network List under Config - Policy Mgmt - Traffic Mgmt - Network List, this list will include your internal networks (traffic you want to be tunnelled). Then go under the Group that the client is connecting to, under the Client Config tab, select Only tunnel networks in the list and select your list in the drop-down box. Reconnect and you're good to go.

Keep in mind split-tunnelling is considered somewhat of a security risk seeing as your PC is now accessable from the Internet AND you have a VPN straight into your internal network. If someone can take over your PC then they have access to everything. You might want to also look into enabling the client firewall stuff as well.

0 Helpful

Go to solution
gaban
Level 1
Level 1
In response to gfullage

‎12-02-2002 04:47 PM

Thanks! I have enabled split tunneling and it works. You mentioned enabling the client firewall. HOw do you do this.

0 Helpful
Customers Also Viewed These Support Documents