https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638989#M1054514 <HTML><HEAD></HEAD><BODY><P>hi</P><P>the first way to get over this problem is letting your clients specifying their own addresses, the downside of this method is weak security, so if the client address is spoofed by an attacker you ll be hacked too!!!</P><P>but to alleviate the risk you need to use a stronger authentification , or even aged password, One time password...</P><P></P><P>the second try the use of split tunneling in this you specify a network-list that holds all the network that your clients are allowed to reach, so any other traffic destined to other networks not belonging to the network-list will not be tunneled ,instead it will be send to the client default gateway.</P><P></P><P>HTH</P><P>Please do rate if it does help</P></BODY></HTML> Sun, 24 Dec 2006 20:11:05 GMT kamal-learn 2006-12-24T20:11:05Z https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638988#M1054513 <P>I am using a 3005 to terminate PPTP tunnels. I am handing out ip addresses to the client which are on the same subnet as the private interface. When Windows clients connect with the "use remote default-gateway" deselected (using the local default-gateway) the concentrator injects a route into the client of 10.0.0.0 via the tunnel. This is causing routing problems on the client's local network as both the local network and the subnet of the private interface are subnets within the 10.0.0.0 range. I have to assume this is configurable but I can't see how. Ideally I would want this route to be restricted to the range of subnets actually available on the remote network. How can I configure this?</P> Fri, 21 Feb 2020 09:21:21 GMT https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638988#M1054513 chrish 2020-02-21T09:21:21Z https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638989#M1054514 <HTML><HEAD></HEAD><BODY><P>hi</P><P>the first way to get over this problem is letting your clients specifying their own addresses, the downside of this method is weak security, so if the client address is spoofed by an attacker you ll be hacked too!!!</P><P>but to alleviate the risk you need to use a stronger authentification , or even aged password, One time password...</P><P></P><P>the second try the use of split tunneling in this you specify a network-list that holds all the network that your clients are allowed to reach, so any other traffic destined to other networks not belonging to the network-list will not be tunneled ,instead it will be send to the client default gateway.</P><P></P><P>HTH</P><P>Please do rate if it does help</P></BODY></HTML> Sun, 24 Dec 2006 20:11:05 GMT https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638989#M1054514 kamal-learn 2006-12-24T20:11:05Z https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638990#M1054515 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Try specifying a different pool for the remote users (ie 192.168.100.x) and create routing for this on your company pointing to the Concentrator.</P><P></P><P>Please rate if this helped.</P><P></P><P>Regards,</P><P>Daniel</P></BODY></HTML> Sun, 07 Jan 2007 10:18:41 GMT https://community.cisco.com/t5/network-security/vpn-concentrator-routing-problem/m-p/638990#M1054515 5220 2007-01-07T10:18:41Z