07-30-2013 03:40 AM
Hi,
I have a Cisco 887 which has been configured mainly using CCP. I have managed to set up a basic configuration with a firewall and now a VPN. I can get clients to VPN into the office and access the local LAN resources. From what I've read I am not using split tunneling, as I can connect using the VPN client on my iPhone (which I want). But no VPN client can access the internet.
I guess I need to add something to route the traffic back out? But I am unsure on what exactly?
I have attached my config, appreciate any help on this plus any other tips if you see any schoolboy errors!
Thanks
James
07-30-2013 10:32 AM
Hi James,
could you try:
Router(config)#ip access-list extended SPLIT-TUNNEL
Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 any
Router(config-ext-nacl)#exit
Router(config)#crypto isakmp client configuration group RemoteUsers
Router(config-isakmp-group)#acl SPLIT-TUNNEL
07-30-2013 12:29 PM
Hi,
Thanks, I've read that adding a split tunnel will stop my iPhone VPN from working? I wanted all VPN traffic to be routed through the tunnel, including Internet traffic.
Sent from Cisco Technical Support iPad App
07-31-2013 12:12 AM
Hi James,
Split tunnelling will just protect "interesting" traffic matched by the ACL and send it to the VPN tunnel. Other network traffic will be routed as per normal.
It is not advisable to include Internet traffic as this will put your private network at risk and also cause congestion on your VPN connection.
Sent from Cisco Technical Support iPhone App
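The split-tunnel behaviour discussed in this thread, as an added example that is not part of any post: it evaluates the SPLIT-TUNNEL ACL entry from the reply above using IOS wildcard-mask matching and reports whether a client sends a given destination through the tunnel or out its own gateway. The function names and the sample destination addresses are constructed for illustration.

```python
import ipaddress

# ACL entry from the thread. In an Easy VPN split-tunnel ACL the *source*
# field names the networks the client should reach through the tunnel.
SPLIT_TUNNEL_ACL = ["permit ip 10.0.0.0 0.255.255.255 any"]


def parse_entry(line):
    """Parse 'permit|deny ip <net> <wildcard> any' into (action, base, wildcard)."""
    action, proto, net, wildcard, dst = line.split()
    if action not in ("permit", "deny") or proto != "ip" or dst != "any":
        raise ValueError(f"unsupported ACL entry: {line!r}")
    return action, int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wildcard))


def matches(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def client_path(dest, acl=None):
    """Return 'tunnel' or 'local' for traffic a VPN client sends to dest.

    acl=None models a group with no split-tunnel ACL (full tunnel).
    """
    if acl is None:
        return "tunnel"
    for line in acl:  # first match wins, as in IOS
        action, base, wildcard = parse_entry(line)
        if matches(dest, base, wildcard):
            return "tunnel" if action == "permit" else "local"
    return "local"  # implicit deny: not protected, uses the client's own gateway


if __name__ == "__main__":
    # Constructed sample destinations: one office LAN host, one Internet host.
    for dest in ("10.1.2.3", "8.8.8.8"):
        print(dest, "split:", client_path(dest, SPLIT_TUNNEL_ACL),
              "| full:", client_path(dest))
```

With no ACL on the group, Internet-bound traffic also enters the tunnel, which is the full-tunnel setup the original poster describes.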