Cisco Support Community

New Member

PIX 515 E 6.0

I was scheduled onsite to configure a client-to-site vpn connection.

I of course used the wizard :( and I got confused in the last bit as my concepts were not very clear.

It is all to do with "split tunneling" option and the NAT option.


Of course the VPN did work fine with xauth turned on pointing to the local database. But the issues experienced are as follows:

1) The VPN client could not ping any internal servers.

2) The DHCP pool i.e. subnet mask on the client was defaulting to and the IP address was from the correct vpn-pool range i.e. ( the site admin would want the subnet mask to be )

3) The user could not access the internet without pointing to the office proxy server, neither could I access any home printers.

All the client tests were carried out from a different LAN which simulates a home network for all mobile users i.e. even an independent ISP cable line with a Linksys router installed.

Can anyone please advise me on this.



Re: PIX 515 E 6.0

Did you add the mask keyword at the end of your pool like so: ip local pool VPN x.x.x.x-x.x.x.x mask

or whatever you want the mask to be? I assume that your problems are related to this.


New Member

Re: PIX 515 E 6.0

Split tunneling tells the VPN client what internal network is on the other side of the tunnel.

ex. If your internal network is, you would add that in your split tunnel definition in the GUI.

To correct your subnet mistake on the VPN pool, you will have to delete the VPN configuration and run the wizard again. Make sure and delete the Policy related to the Client to Site VPN, then delete the IPSEC rule.

Apply this, and it will then let you edit the VPN-Pool. Correct your subnet, and you can specify this pool in the wizard when you reconfigure the VPN.
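An added illustration of the split-tunnel behaviour described in the reply above (not part of the original thread and not Cisco client code): a simplified model of how a VPN client chooses between the tunnel and the local network, with and without a split-tunnel list. All addresses are constructed samples, since the thread's own addresses were not preserved, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread).
OFFICE_NETS = ["10.10.0.0/16"]   # networks listed in the split-tunnel definition
HOME_LAN = "192.168.1.0/24"      # remote user's LAN behind the home router

DESTINATIONS = {
    "internal server": "10.10.5.20",
    "home printer": "192.168.1.50",
    "internet host": "198.51.100.7",
}


def route_for(dest, split_nets):
    """Return 'tunnel' or 'local' for one destination address.

    An empty split_nets list models split tunneling disabled:
    every packet is sent into the tunnel.
    """
    if not split_nets:
        return "tunnel"
    addr = ipaddress.ip_address(dest)
    inside = any(addr in ipaddress.ip_network(n) for n in split_nets)
    return "tunnel" if inside else "local"


def routing_table(split_nets):
    """Map each sample destination to the path the client would pick."""
    return {name: route_for(ip, split_nets) for name, ip in DESTINATIONS.items()}


def overlaps_home_lan(split_nets, home_lan=HOME_LAN):
    """List split-tunnel entries that overlap the home LAN.

    Traffic to local devices in an overlapping range would be pulled
    into the tunnel instead of staying on the home network.
    """
    home = ipaddress.ip_network(home_lan)
    return [n for n in split_nets if ipaddress.ip_network(n).overlaps(home)]


if __name__ == "__main__":
    for label, nets in (("split tunneling off", []), ("split tunneling on", OFFICE_NETS)):
        print(label)
        for name, path in routing_table(nets).items():
            print(f"  {name:16} -> {path}")
    print("overlap with home LAN:", overlaps_home_lan(["192.168.0.0/16"]))
```

With the list empty, the home printer and the Internet host are both routed into the tunnel, which matches symptom 3 in the original question.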

New Member

Re: PIX 515 E 6.0

Would I be correct in saying that is the reason why I could not ping once the vpn session was up?

I did not get prompted for the subnet in the VPN Wizard to be honest.

Is there some Cisco document on split tunneling which will explain this? A detailed explanation would be of great help....



Re: PIX 515 E 6.0

New Member

Re: PIX 515 E 6.0

Thank you so much for the previous links but it still does not answer the confusion I have with why I could not ping the internal servers after successful connection.

and split tunneling of course :(