Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems using VPN client 3.5.1

Hi!

I'm having some problems using the VPN Client with a dial-up Internet connection. When i start the VPN Client to access my company's LAN my regular Internet access goes unavailable. I think it mite be related with the MTU configuration but i'm not sure.

Regards,

Olindo

  • Other Security Subjects
4 REPLIES
New Member

Re: Problems using VPN client 3.5.1

Olindo

Probably nothing to do with MTU - more likely you haven't got split tunnelling enabled.

Be default Cisco VPN Head Ends publish a default route to their VPN clients - meaning that once the tunnel is active the client will send ALL traffic over the tunnel - including your normal Internet stuff. Thus you can access the Internal networks, but not the Internet.

Enabling split tunnelling allows you to only publish the Internal networks that the VPN Head End is protecting to the client - meaning that you can access these, and the Internet, at the same time.

Split runneling is supported on all VPN Head End platforms (IOS, VPN Concentrator, PIX) - and the configuration is slightly different for each. If you let me know what your head end is, I can give you some pointers.

Regards, Barry

New Member

Re: Problems using VPN client 3.5.1

Hi Barry!

First i'd like to thank for your reply. I have a PIX535 to receive the VPN tunnels.

Regards,

Olindo

New Member

Re: Problems using VPN client 3.5.1

Olindo

On the PIX you to configured something like this:

vpngroup vpnclient address-pool vpnpool

vpngroup vpnclient split-tunnel 101

vpngroup vpnclient idle-time 1800

vpngroup vpnclient password ********

!

access-list 101 permit ip 193.36.8.0 255.255.255.0 any

access-list 101 permit ip 193.36.10.0 255.255.255.0 any

The above would cause the PIX to only publish to the VPN client the 193.36.8.0 and 193.36.10.0 subnets. This means that the client will only tunnel traffic destined to these networks to the PIX - and will send any other traffic directly to the Internet.

Note that this does open the possibility of security exposures on your client - thus the use of a PC firewall product is strongly recommended.

Hope this helps.

Regards, Barry

New Member

Re: Problems using VPN client 3.5.1

I Barry!

It solved my problem.

Many thanks,

Olindo

203
Views
0
Helpful
4
Replies