I am having difficulty configuring a Remote IPSec VPN with a Cisco ASA 5505 and the Windows 7 native VPN client. My client PC gets a VPN pool IP address and can access the remote network behind the ASA, but then I lose my internet connectivity. I have read that this should be an issue with split tunneling, but I did as it is told here and had no luck.
In the Windows VPN client settings, if I uncheck "use default gateway on remote network", I have internet connectivity (since the client is using the local gateway), but then I cannot ping the remote network.
In the log, I see warnings of this type:
Teardown TCP connection 256 for outside:192.168.150.1/49562 to outside:18.104.22.168/80 duration 0:00:00 bytes 0 Flow is a loopback (cisco)
I have attached my configuration file (without split-tunneling configuration I tried). If you need additional logs I'll send them right away.
I'm not entirely sure that split tunneling works with the Windows native client (called L2TP over IPSec Client); if I'm not mistaken, that's a limitation of the client.
But you might want to give it a try. Here's what you would need:
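! Standard ACL naming the network that should go through the tunnel
access-list split_tun standard permit 192.168.1.0 255.255.255.0
group-policy DefaultRAGroup attributes
 ! The default policy is tunnelall; the network list is only used with tunnelspecified
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tun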
If that still doesn't work then you might want to either switch to the Cisco VPN client, which does allow you to enable split tunneling, or try to NAT the traffic for the Windows client through your ASA (that will use your ASA's Internet connection to provide the client with Internet access, btw).
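The NAT option mentioned in the answer above, as an added example that is not part of the original thread: a hairpin ("U-turn") configuration that lets full-tunnel VPN clients reach the Internet through the ASA's outside interface. The object name, the NAT ID and the /24 pool subnet (inferred from the 192.168.150.1 address in the posted log line) are assumptions.

```cisco
! Added example; the object name, NAT ID and pool subnet are assumptions,
! not values taken from the poster's configuration.
! Assumed: VPN pool 192.168.150.0/24, Internet-facing interface named "outside".

! Allow a flow to enter and leave the same interface
! (VPN client -> outside -> Internet).
same-security-traffic permit intra-interface

! --- ASA 8.3 and later: object NAT ---
! VPN_POOL is a hypothetical object name.
! PAT the pool to the outside interface address when clients hairpin out.
object network VPN_POOL
 subnet 192.168.150.0 255.255.255.0
 nat (outside,outside) dynamic interface

! --- ASA 8.2 and earlier: use a nat/global pair instead of the object above ---
! NAT ID 1 is an assumption; reuse the ID of an existing
! "global (outside) <id> interface" statement if one is already configured.
! nat (outside) 1 192.168.150.0 255.255.255.0
! global (outside) 1 interface
```

This keeps the client in full-tunnel mode ("use default gateway on remote network" checked), so it is an alternative to the split-tunnel ACL rather than something to combine with it.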
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: