Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco EasyVPN Client Internet Access

Hi,

I have a Cisco 887 which has been configured mainly using CCP, I have managed to setup a basic configuration with a firewall and now a VPN. I can get clients to VPN into the office and access the local LAN resources. From what I've read I am not using Split tunneling as I can connect using the VPN client on my iphone ( which I want). But any VPN client can't access the internet.

I guess I need to add something to route the traffic back out? But I am unsure on what exactly?

I have attached my config, appreciate any help on this plus any other tips if you see any schoolboy errors!

Thanks

James

Everyone's tags (5)
3 REPLIES

Cisco EasyVPN Client Internet Access

hi james,

could you try:

Router(config)#ip access-list extended SPLIT-TUNNEL

Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 any

Router(config)#crypto isakmp client configuration RemoteUsers

Router(config-isakmp-group)#acl SPLIT-TUNNEL

New Member

Re: Cisco EasyVPN Client Internet Access

Hi,

Thanks,I've read that adding a split tunnel will stop my iphone vpn from working? I wanted all vpn traffic to be routed through the tunnel including Internet traffic.




Sent from Cisco Technical Support iPad App

Re: Cisco EasyVPN Client Internet Access

Hi James,

Split tunnelling will just protect "interesting" traffic matched by the ACL and send it to the VPN tunnel. Other network traffic will be routed as per normal.

It is not advisable to include Internet traffic as this will put your private network at risk and also cause a congestion to your VPN connection.

Sent from Cisco Technical Support iPhone App

437
Views
0
Helpful
3
Replies