Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Connection Established but now cannot access the internet

I am running Mac OS X 10.4 and have successfully downloaded Cisco VPN Client version 4.9.01.0080.

Although I can successfully establish a connection, I am no longer able to connect to the internet - my internet connection can only be regained if I disconnect from the VPN.

Please note I am NOT a technical resource so please provide the 'for dumnmies' version of any suggestions!

Thanks.

Debra

9 REPLIES
New Member

Re: VPN Connection Established but now cannot access the interne

you need to enable vpn tunnel splitting on ur vpn device

New Member

Re: VPN Connection Established but now cannot access the interne

Thanks.

I checked this in the client transport settings and it is ticked for Enable Transport Tunneling (UDP).

Any other thoughts?

New Member

Re: VPN Connection Established but now cannot access the interne

not in client, you need to enable vpn tunnel splitting on ur VPN Server that can be router / pix or ASA box

New Member

Re: VPN Connection Established but now cannot access the interne

I have the same problem and I did enable split tunneling and it works fine on my Windows machines. It is my MAC machines running 10.4 that do not work. I am running Cisco VPN Client Cisco VPN Client - 4.9.01.0080 which was the latest I could find and I think it is the latest.

Is this a Cisco VPN client issue or is this still PIX configuration? I run a PIX 506E.

Re: VPN Connection Established but now cannot access the interne

this is PIX configuration issue.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

access-list 101 for split-tunneling

access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

vpngroup vpn3000 split-tunnel 101

New Member

Re: VPN Connection Established but now cannot access the interne

Ok I'm confused. What does 10.1.1.0 represent? The inside network or the VPN pool? And what does 10.1.2.0 represent?

And understand that my Windows machines DO get local Internet, it is only my MACs.

Thanks.

Re: VPN Connection Established but now cannot access the interne

10.1.1.0 inside network

10.1.2.0 VPN POOL

New Member

Re: VPN Connection Established but now cannot access the interne

I am still unable to get out on the Internet. Ironically, my Skype still works. I cannot reach Internet sites by name. After carefully going through config I already had split-tunneling which is why it works for my Windows machines.

I have only tested this Macbook Pro 17 and no other MAc frankly, but I'll try on another Mac.

Any other ideas a.alekseev?

This is what I have done:

I have split tunneling, I have the newest Cisco VPN Client for Mac, I can VPN in with my username and everything, ut I cannot hit websites by name. Basically I am unable to resolve. I opened a gaping hole on the firewall just to test and still nothing.

What's next?

New Member

Re: VPN Connection Established but now cannot access the interne

PROBLEM SOLVED!

I took off this line off my PIX:

vpngroup (vpnname here) dns server x.x.x.x x.x.x.x

I was forcing VPN to the clients when I didn't have to. The problem with that is that MAC 10.4 automatically re-writes its own file called resolv.conf on the etc folder. This file posts the name servers acquired from the VPN. If the PIX does not push DNS Servers the file keeps its original configs which allows local Internet access.

hope this helps.

364
Views
0
Helpful
9
Replies