I have the configuration below working on a 1720. It works fine if I don't try to enable split tunneling. If I add the ACL 108 to the isakmp group then they can only get to the internet; they are unable to get to the private network. Anybody see any obvious mistakes?
Also, why can't the users get to the internet without split tunneling? I don't care if they had to go through the tunnel; actually I might prefer it. Why can't the router route and NAT the packets from the VPN clients?
no parser cache
logging buffered 4096 debugging
aaa authentication login default group radius enable
aaa authentication login userauthen group radius enable
aaa authorization network groupauthor local
aaa session-id common
enable secret 5 xxxxxxxxxxxxxxxxxx
ip domain-name domain.com
ip name-server 192.168.0.1
crypto isakmp policy 3
crypto isakmp client configuration group Remote-Users
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...