Help with Easy VPN client split tunneling.

Can someone please help me with my config for Easy VPN Client split tunneling. At the moment when the VPN is up I have NO access to the Internet from any host.

Here's what I am attempting to do. I want only certain hosts to route all their traffic through the tunnel and the remaining hosts to use the default route.

I created an object-group and access list with the hosts I want to route through the VPN :-

object-group network VNPCLIENTS
 description HOSTS ALLOWED ACCESS TO THE VPN
 host 192.168.3.204
 host 192.168.3.42
 host 192.168.3.44
 host 192.168.3.202
 host 192.168.3.43

access-list 1 remark Internet access list
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 101 remark Hosts allowed access to VPN
access-list 101 permit ip object-group VNPCLIENTS any
access-list 111 permit udp any any eq 3074
access-list 111 permit tcp any any eq 3074
access-list 111 permit udp any any eq 88

I then applied the access list to the Virtual interface of the VPN in both directions:-

interface Virtual-Template1 type tunnel
 no ip address
 ip access-group 101 in
 ip access-group 101 out
 tunnel mode ipsec ipv4

Now when I connect to the VPN I have no access from any host to the Internet either through the tunnel or not.

I must be doing something very wrong. Much appreciate any help.

Thanks

Gordon
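
An added example, not part of the original post and not Cisco code: a small evaluator for the subset of IOS ACL syntax quoted above, showing what ACL 101 does to a request and to its reply when the same list is applied both in and out on one interface. The function names and the remote address 203.0.113.10 are assumptions; it models only first-match evaluation with the implicit deny, not NAT, crypto or routing.

```python
import ipaddress

# Lines copied from the post (object-group and ACL 101 only).
CONFIG = """\
object-group network VNPCLIENTS
 host 192.168.3.204
 host 192.168.3.42
 host 192.168.3.44
 host 192.168.3.202
 host 192.168.3.43
access-list 101 permit ip object-group VNPCLIENTS any
"""

def parse(config):
    """Parse the subset of IOS syntax used above into (groups, acls)."""
    groups, acls, members = {}, {}, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["object-group", "network"]:
            members = groups.setdefault(tok[2], set())
        elif tok[:1] == ["host"] and members is not None:
            members.add(ipaddress.ip_address(tok[1]))
        elif tok[:1] == ["access-list"] and tok[2] in ("permit", "deny"):
            acls.setdefault(tok[1], []).append((tok[2], tok[4:]))  # tok[3] is the protocol
    return groups, acls

def take(spec, groups):
    """Consume one address spec; return (match function, remaining tokens)."""
    if spec[0] == "any":
        return (lambda ip: True), spec[1:]
    if spec[0] == "object-group":
        return (lambda ip: ip in groups[spec[1]]), spec[2:]
    raise ValueError(f"unsupported address spec: {spec}")

def acl_action(acl, groups, src, dst):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, spec in acl:
        match_src, rest = take(spec, groups)
        match_dst, _ = take(rest, groups)
        if match_src(src) and match_dst(dst):
            return action
    return "deny"

def tunnel_flow(lan_host, remote, acl_id="101"):
    """Check a request and its reply against one ACL applied both in and out."""
    groups, acls = parse(CONFIG)
    return {"out": acl_action(acls[acl_id], groups, lan_host, remote),
            "in": acl_action(acls[acl_id], groups, remote, lan_host)}
print(tunnel_flow("192.168.3.42", "203.0.113.10"))  # constructed remote address
```

For a host in VNPCLIENTS the request matches the permit entry, while the reply, whose source is the remote address, matches nothing in ACL 101 and falls through to the implicit deny.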
