
Cisco Vpn Client Not Assigned Default Gateway

Greetings, I'm having problems obtaining a default gateway for a VPN client.

IKE Phase 1 and 2 run through correctly and I have specified a split tunnel list for the inside network I wish to encrypt.

The inside networks consist of several sub-interfaces which also route traffic between themselves; as advised by another member, for this to work I have added a NAT exempt statement for the internal network as below.

interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.101
 vlan 101
 nameif access
 security-level 100
 ip address 172.29.255.1 255.255.255.0
!
interface Ethernet0/1.102
 vlan 102
 nameif voice
 security-level 100
 ip address 172.28.255.1 255.255.255.0
!
interface Ethernet0/1.103
 vlan 103
 nameif branch
 security-level 100
 ip address 172.27.255.1 255.255.255.0
!
interface Ethernet0/1.104
 vlan 104
 nameif remote
 security-level 100
 ip address 172.26.255.1 255.255.255.0
!
interface Ethernet0/1.998
 vlan 998
 nameif guest
 security-level 25
 ip address 172.30.255.1 255.255.255.0
!
interface Ethernet0/1.999
 vlan 999
 nameif native
 security-level 100
 ip address 172.31.255.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
access-list exempt_nat0_outbound extended permit ip 172.24.0.0 255.248.0.0 172.24.0.0 255.248.0.0
!
global (outside) 1 interface
nat (access) 0 access-list exempt_nat0_outbound
nat (access) 1 172.29.255.0 255.255.255.0
nat (voice) 0 access-list exempt_nat0_outbound
nat (branch) 0 access-list exempt_nat0_outbound
nat (remote) 0 access-list exempt_nat0_outbound
nat (guest) 1 172.30.255.0 255.255.255.0
nat (native) 0 access-list exempt_nat0_outbound
nat (native) 1 172.31.255.0 255.255.255.0

My split tunnel list includes just the "Access network" on 172.29.255.0/24; I have also tried removing all the NAT statements bar a single exempt for the access network.

Any suggestions would be most welcome.
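An added example, not part of the original post and not Cisco tooling: a Python check over the posted lines that reports, per sub-interface, whether its subnet falls inside the exemption ACE range and whether nat 0 is bound to it, and tests whether a source/destination pair matches the ACE. The pool address is a constructed placeholder, because the post does not show the VPN client address pool.

```python
import ipaddress

# Copied from the configuration in the post above.
ACL = ("access-list exempt_nat0_outbound extended permit ip "
       "172.24.0.0 255.248.0.0 172.24.0.0 255.248.0.0")
INTERFACES = {  # nameif -> arguments of its "ip address" line
    "access": "172.29.255.1 255.255.255.0",
    "voice": "172.28.255.1 255.255.255.0",
    "branch": "172.27.255.1 255.255.255.0",
    "remote": "172.26.255.1 255.255.255.0",
    "guest": "172.30.255.1 255.255.255.0",
    "native": "172.31.255.1 255.255.255.0",
}
NAT_LINES = """\
nat (access) 0 access-list exempt_nat0_outbound
nat (access) 1 172.29.255.0 255.255.255.0
nat (voice) 0 access-list exempt_nat0_outbound
nat (branch) 0 access-list exempt_nat0_outbound
nat (remote) 0 access-list exempt_nat0_outbound
nat (guest) 1 172.30.255.0 255.255.255.0
nat (native) 0 access-list exempt_nat0_outbound
nat (native) 1 172.31.255.0 255.255.255.0
"""
# Constructed placeholder: the post does not show the VPN client pool.
HYPOTHETICAL_POOL_IP = "192.168.50.10"

def net(addr, mask):
    # Build a network from ASA-style "address netmask" fields.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(line):
    # Return (name, source network, destination network) of a "permit ip" ACE.
    f = line.split()
    return f[1], net(f[5], f[6]), net(f[7], f[8])

def is_exempt(src_ip, dst_ip):
    # A packet matches the exemption only if source AND destination match.
    _, src, dst = parse_acl(ACL)
    return (ipaddress.ip_address(src_ip) in src
            and ipaddress.ip_address(dst_ip) in dst)

def interface_report():
    # Per interface: (subnet inside the ACE range, "nat 0" bound to it).
    name, src, _ = parse_acl(ACL)
    bound = {f[1].strip("()") for f in map(str.split, NAT_LINES.splitlines())
             if f[2:] == ["0", "access-list", name]}
    return {ifname: (net(*addr.split()).subnet_of(src), ifname in bound)
            for ifname, addr in INTERFACES.items()}
```

The mask 255.248.0.0 spans 172.24.0.0 through 172.31.255.255, so the guest subnet (security-level 25) sits inside the ACE range even though no nat 0 statement is bound to that interface. Substitute the real client pool address to see whether traffic from the inside networks to VPN clients matches the exemption.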

2 REPLIES

Re: Cisco Vpn Client Not Assigned Default Gateway

When you connect and have a successful VPN connection, you will not get a default gateway for the VPN connection, as the traffic is routed via the local virtual VPN adapter.

HTH.

Re: Cisco Vpn Client Not Assigned Default Gateway

Ah OK, makes sense, I'll check back on the firewall and see if NAT is causing a problem.

Cheers for the response.

Regards
