I need to configure a VPN3020 to tunnel everything from RA clients except a specific internet subnet.
So I need clients to access all networks except the a.b.c.d/24 network which I need them to access directly from their internet connection.
I have played with the split tunnel options but cannot get this to work.
The only way I can see is to set a tunnel list and list all possible networks except the a.b.c.d/24 network
There must be an easier way?
Are you using internal RFC1918 addresses on your inside network? Or internet routable internet addresses on your internal network?
We are now using a cloud based web filtering solution so clients at home need access to this directly from the laptop and also need vpn access to internal networks. I could tunnel only internal networks but that means clients could access everything on the internet. I only want to bypass the tunnel for a single internet routeable range.
OK - understood. Have you tried:-
1) Create the network list of the network you do not want to tunnel
2) Under the remote VPN profile goto "Client Config"
3) check "Tunnel Everything" and check "Allow networks IN list to BYPASS the tunnel"
I did that but when I bring up statistics it says secured routes 0.0.0.0 0.0.0.0
No networks showing in Local Lan?
I am in the right place then.....
Which bit? The Client config?
Where do I configure the exception?
I have the networks I do not want to tunnel in the Split Tunneling Network List.
Split Tunneling policy set to Tunnel Everything & allow networks in list to bypass tunnel is ticked.
However when connecting, secured routes are 0.0.0.0, not local LAN routes?
Thanks for the info, I have already tried to configure that and it achieves the result partly.
I specify the internal networks which get tunneled and everything else can go direct out the clients broadband however I want to limit what goes out direct to only a specific subnet.
For some reason the split tunnel policy is not working.
So the only way I can see of achieving this is to create an Inside network list which consists of every network from 1-197 then every network from 199 - 255
Leaving out the required 197.*.*.* network which I want to route directly
Just need to get clever with the wildcard masks!
I have attached the screenshot again.
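The wildcard-mask workaround described above (an inside network list covering everything except the range that should go direct) can be generated rather than worked out by hand. This is an added example, not code from the thread; it assumes the direct range is 197.0.0.0/8 and that the concentrator's network list entries are written as network/wildcard-mask.

```python
import ipaddress

# Constructed example range: stands in for the real 197.x.x.x range in the thread.
DIRECT_RANGE = "197.0.0.0/8"


def complement_prefixes(excluded, universe="0.0.0.0/0"):
    """CIDR blocks that together cover `universe` minus `excluded`.

    address_exclude() walks the prefix tree, so the result is the minimal
    set of sibling blocks (8 entries when a /8 is cut out of 0.0.0.0/0).
    """
    universe_net = ipaddress.ip_network(universe)
    excluded_net = ipaddress.ip_network(excluded)
    return sorted(universe_net.address_exclude(excluded_net))


def to_wildcard(net):
    """Render a block as network/wildcard, the inverse of the subnet mask
    (assumed to be the entry format the concentrator's network list takes)."""
    return f"{net.network_address}/{net.hostmask}"


def tunnel_list_excluding(excluded):
    """The network-list entries to tunnel everything except `excluded`."""
    return [to_wildcard(n) for n in complement_prefixes(excluded)]


def covered_addresses(excluded):
    """Sanity check: the list must cover all of IPv4 minus the excluded block."""
    return sum(n.num_addresses for n in complement_prefixes(excluded))


if __name__ == "__main__":
    for entry in tunnel_list_excluding(DIRECT_RANGE):
        print(entry)
    assert covered_addresses(DIRECT_RANGE) == 2**32 - 2**24
```

Because the entries are disjoint and the excluded block is not among them, traffic to the direct range matches nothing in the list and falls through to the client's own connection, as the thread intends.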
What you need to try is:-
1) Create a network list with 126.96.36.199 255.0.0.0
2) Configure on the clientConfig
Enable - Tunnel Everything
Enable - Allow the networks in the list to bypass the tunnel
Choose your network list in the "Split tunnel network list" for the 188.8.131.52
Then ALL traffic should be encrypted - except the 197.x.x.x
That is what I originally tried and it didn't work. So I was racking my brains trying something else.
I will revisit it again.
Thanks for all your advice.