Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

SA540 VPN

Has anyone got their SSL VPN working with FULL TUNNEL? I am able to connect but can't ping/access any network resources. I have done following:

  • Set client vpn address range and DNS servers.
  • Set VPN Policy with all network resources to permit to all.
  • Set up VPN portal.
  • Set Radius authentication for uses.

What am I missing? I have been on phone with CISCO tech. support for a week and they are useless. So if anyone has got this working, please do me a favor by telling me your steps.

Thank you.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Green

SA540 VPN

1.)

2.)

3.)

4.)

5.)

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
8 REPLIES
Green

SA540 VPN

Hi Qasim,  under the SSL vpn client configuration, did you disable the split tunnel option?

Can you also provide your case number from a week ago?

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

SA540 VPN

I have been going back and forth with CISCO support over setting up vpn. We've tried both SSL and IPsec. Here are the case numbers:

622857601     SSL VPN

622937831     IPsec VPN

Split tunnel option isn't enabled.

Green

SA540 VPN

1.)

2.)

3.)

4.)

5.)

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

SA540 VPN

Thanks Tom. And we do get IP address. However, we can't ping or access a network computer. If you are free today after 2pm EST, let's talk about this over phone. I believe you have my phone number and extension?

Thanks.

Qaism

Green

SA540 VPN

Qasim, I will ring you around 4pm EST. I also left my lab set up over night so you may test my lab environment.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

SA540 VPN

Tom, I forgot to mention its Labor Day weekend here. My company is closing at 3pm and I won't be back in office till Tuesday. I will try to redo my vpn environment on Tuesday and will let you know how it goes. Thanks again for your help.

Happy Labor Day weekend.

Green

SA540 VPN

Qasim, I tried to call you at 4 today. My lab is up and working with LAN connectivity and full tunnel. I will provide you credentials to my lab when you're available.

Please email me your telephone number and extension and I would like to call you at 4pm EST some time.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

SA540 VPN

So here is how we resolved it with your help

  1. SSL VPN policy should permit all addresses.
  2. Windows Server 2003 and previous operating systems need static route entries for vpn clients connecting to local devices.
    1. On the other hand, machines running Windows Server 2003R2 or later do not neet any static routes.
  3. Although changes in group policy were suggested, we did not need them in this instance.

Thanks for your help Tom.

Qasim

2148
Views
20
Helpful
8
Replies