Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
3
Replies

Web traffic while VPN is connected

jhlee2000
Level 1
Level 1

‎08-23-2006 12:00 PM - edited ‎02-21-2020 02:35 PM

I have some users that now want to be able to surf the web through their local connection at the same time the VPN client is connected to our concentrator. I thought this was a simple routing or DNS issue, but it is turning out to be more of a challenge.

Does anyone have any info on how to allow a client that is connected to VPN to also surf the web. Yes, we have tried enabling "Allow Local LAN Access" and that doesn't help. If there truly isn't an easy way of doing this, looks like I'm going to have to add some more static routes here and there. Thanks all.

Labels:
0 Helpful
3 Replies 3

hemendoz
Cisco Employee
Cisco Employee

‎08-24-2006 11:06 PM

Hello,

This configuration is called split-tunneling. Split-tunneling allows VPN Clients secure access to corporate resources via IPsec while giving unsecured access to the Internet.

Please review this link for details on the configuration process.

Split Tunneling for VPN Clients on the VPN 3000 Concentrator Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00806f34fa.shtml

Hope that helps! If so, please rate.

Thanks

0 Helpful

a.kiprawih
Level 7
Level 7

‎08-24-2006 11:21 PM

Hi,

What you need is to disable split tunneling. Enabling split tunneling means all traffic from vpn client to VPN3K and vice-versa must go through encrypted IPSec tunnel. Disabling it will allow your client to access HQ network, and access internet at the same time. This requires you to specify what subnet(s) need to pass through the tunnel while allowing others to go outside the tunnel, and direct to your internet router or internet.

BTW, I assumed split tunneling is enabled. That's why you can't surf the internet when connecting to the VPN. In your case, there is no option in your VPN Client to enable/disable split tunneling. All is controlled by the Concentrator.

Check your VPN Concentrator settings on Group or User. You can play around (enable/disable) with split tunnelling option from the Group or User setting depening on your requirement. But Group settings is more preferred than individual users.

Check the Group or User configuration option, and look for Split Tunneling Policy under Client Configuration Parameters Tab.

- Group Configuration

Configuration | User Management | Groups | Add or Modify, Client Configuration Tab

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1df7.html#wp1767819

- User Configuration

Configuration | User Management | Base Group, Client Configuration Parameters Tab

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1df7.html#wp1757065

Rgds,

AK

0 Helpful

jhlee2000
Level 1
Level 1

‎08-25-2006 06:17 AM

Hmm... I thank both of you for your comments. I think the answer lies in split tunneling. One answer says to turn it off. One says to turn it on. Right now, I do not have it turned on so I will try and turn it on. Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents