I have seen a few messages that touched on this, but I wanted to see if I could get a direct answer. I have a 1720 with the WIC Ethernet (E0) that connects to the internet and does NAT for the internal users, internal interface, Fa0, is private address space. E0 has an external public IP.
Should the VPN users be able to get to the internet if they are connecting to E0? I would really prefer to not use split tunneling, besides I can't get it to work.
If you are talking about Cisco VPN client 3.x to IOS router, the answer for your question is "no". The only way you can make that working is using "split-tunnelling" feature.
I belive your problem with split-tunnel is not working should be something to do with the "nonat" access-list.
Would you please attach your router config and we will work out the issue for you. Or open a case with TAC, we will help you to make it working as well.
For PPTP, I do make our customers network working fine with tunnel all feature. The PPTP client can going in to the router and going out to the internet again. That is because the PPTP using virtual-template and I binding the ip address of the virtual-template to inside interface.
From the inside interface, processing "ip nat inside".
But IPSEC VPN client, it is a different story. So the answer is no.
Please check following config for PPTP:
! Default PPTP VPDN group
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
description connected to Internet
ip address 184.108.40.206 255.255.255.0
ip nat outside
description connected to EthernetLAN
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip unnumbered FastEthernet0
peer default ip address pool testpool
ppp encrypt mppe 40
ppp authentication ms-chap
ip local pool testpool 10.0.0.201 10.0.0.230
ip nat inside source list 101 interface Ethernet0 overload
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :