IPSec VPN Access to Multiple Subnets

milkboy33 · ‎11-11-2011

Hi All,

This is our set up:

Client -> Router -> Core Switch -> Subnet 1

-> Subnet 2

Is there a way to configure the Router (and Client) to allow the Client access to both subnet 1 and 2 behind the Router/Core Switch in our company network? If so could you please provide some configuration examples.

The only solution I can think of is to disable the acl (thereby disabling split tunneling) and having all traffic from the Client go through the corporate network.

Thanks for any input!

Tom

vikz230884 · ‎11-14-2011

Hi Tom,

you are talking about the IPSEC VPN or RA VPN here ?

even if you have RA VPN, I think you just to add in split tunnel ACL :

permit any

no need to disable split tunneling, use split-tunnel-policy tunnelspecified option...

HTH,

Vikram

milkboy33 · ‎11-18-2011

The ACL was in place with the two subnets both defined.

...

I think the problem we have is that the router does have an IP on the second subnet so there it doesn't know it exists, which means vpn clients will not know how to get to this subnet as well.

My coworker and I are thinking about setting up a virtual IP on the inside interface for the second subnet and then trunk the port that this router is connected to on the switch.

Guess we'll have to see if can test this out. If this works out I'll come back and post the solution.