
VPN internet traffic issues L2TP Ipsec Cisco Pix 515e

parisvcisco
Level 1

We have a Cisco 515 configured for L2TP over IPsec VPN.

Once connected we cannot browse the internet; we can ping the internal network fine. If "send all traffic through gateway" is ticked on the client, we still have the same issue.

We have a flat network so just firewall - layer 2 switches and a DHCP server is plugged into a switch.

VPN config from the switch:

group-policy MyGroup internal
group-policy MyGroup attributes
 wins-server value 192.168.120.3 192.168.120.4
 dns-server value 192.168.120.3 192.168.120.4
 vpn-simultaneous-logins 30
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel
 default-domain value my.domain.com
group-policy filter internal
group-policy filter attributes

tunnel-group MyGroup general-attributes
 authentication-server-group vpn-auth
 default-group-policy MyGroup
 dhcp-server 192.168.120.4
tunnel-group MyGroup ipsec-attributes
tunnel-group MyGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2

 

2 Replies

nkarthikeyan
Level 7

Hi,

Can you try changing the group-policy to tunnel all instead of tunnel specified in split-tunnel-policy?

 

Regards

Karthik

Thanks for pointing me in the right direction:

http://blog.soundtraining.net/2013/03/how-to-configure-split-tunneling-on.html

 

conf t
group-policy DefaultRAGroup attributes
 split-tunnel-policy tunnelspecified

Did the trick.
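The config in the question sets split tunneling under MyGroup, while the change reported in the last reply was made under DefaultRAGroup. The following is an added example, not code from the thread or from Cisco: it reads a pasted config and reports, per group-policy, the split-tunnel mode, the network list it references, and which tunnel-groups point at it. The function name `audit_split_tunnel`, the finding labels and the sample text are assumptions made for the example.

```python
# Constructed sample: lines from the config posted in the thread plus the change
# from the last reply. The thread shows no "split-tunnel" access-list, so none is here.
SAMPLE = """\
group-policy MyGroup internal
group-policy MyGroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel
group-policy DefaultRAGroup attributes
 split-tunnel-policy tunnelspecified
tunnel-group MyGroup general-attributes
 default-group-policy MyGroup
"""

def audit_split_tunnel(config):
    """Map each group-policy to its split-tunnel mode, ACL, tunnel-groups and a finding."""
    policies, acls, ctx = {}, set(), (None, None)
    def policy(name):
        return policies.setdefault(name, {"mode": None, "acl": None, "tunnel_groups": []})
    for raw in config.splitlines():
        w = raw.split()  # keyword-based, so it still works when indentation was lost
        if len(w) < 2:
            continue
        if w[0] in ("access-list", "group-policy", "tunnel-group"):
            ctx = (None, None)  # any top-level header ends the previous block
            if w[0] == "access-list":
                acls.add(w[1])
            elif w[0] == "group-policy" and w[2:3] == ["attributes"]:
                ctx = ("gp", w[1])
                policy(w[1])
            elif w[0] == "tunnel-group" and w[2:3] == ["general-attributes"]:
                ctx = ("tg", w[1])
        elif ctx[0] == "gp" and w[0] == "split-tunnel-policy":
            policy(ctx[1])["mode"] = w[1]
        elif ctx[0] == "gp" and w[:2] == ["split-tunnel-network-list", "value"] and len(w) > 2:
            policy(ctx[1])["acl"] = w[2]
        elif ctx[0] == "tg" and w[0] == "default-group-policy":
            policy(w[1])["tunnel_groups"].append(ctx[1])
    for p in policies.values():
        if p["mode"] != "tunnelspecified":
            p["finding"] = "ok" if p["mode"] else "inherited"  # no mode line: inherited
        elif p["acl"] is None:
            p["finding"] = "no-network-list"  # none set in this policy itself
        else:
            p["finding"] = "ok" if p["acl"] in acls else "acl-missing"
    return policies

if __name__ == "__main__":
    for name, result in audit_split_tunnel(SAMPLE).items():
        print(name, result)
```

Here `acl-missing` only means the referenced access-list is absent from the text that was pasted in, which is the case for the excerpt in the question.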

 
