I have some users that now want to be able to surf the web through their local connection at the same time the VPN client is connected to our concentrator. I thought this was a simple routing or DNS issue, but it is turning out to be more of a challenge.
Does anyone have any info on how to allow a client that is connected to VPN to also surf the web. Yes, we have tried enabling "Allow Local LAN Access" and that doesn't help. If there truly isn't an easy way of doing this, looks like I'm going to have to add some more static routes here and there. Thanks all.
What you need is to disable split tunneling. Enabling split tunneling means all traffic from vpn client to VPN3K and vice-versa must go through encrypted IPSec tunnel. Disabling it will allow your client to access HQ network, and access internet at the same time. This requires you to specify what subnet(s) need to pass through the tunnel while allowing others to go outside the tunnel, and direct to your internet router or internet.
BTW, I assumed split tunneling is enabled. That's why you can't surf the internet when connecting to the VPN. In your case, there is no option in your VPN Client to enable/disable split tunneling. All is controlled by the Concentrator.
Check your VPN Concentrator settings on Group or User. You can play around (enable/disable) with split tunnelling option from the Group or User setting depening on your requirement. But Group settings is more preferred than individual users.
Check the Group or User configuration option, and look for Split Tunneling Policy under Client Configuration Parameters Tab.
- Group Configuration
Configuration | User Management | Groups | Add or Modify, Client Configuration Tab
Hmm... I thank both of you for your comments. I think the answer lies in split tunneling. One answer says to turn it off. One says to turn it on. Right now, I do not have it turned on so I will try and turn it on. Thanks.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :