Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
3
Replies

Internet connectivity wihtout Split Tunneling on 3005

jihealis
Level 1
Level 1

‎06-13-2003 07:36 PM - edited ‎02-20-2020 10:48 PM

I am running a 3005 and would like VPN clients to not use split tunneling and run all traffic, local LAN and Internet, through the VPN tunnel. Currently, I can get the local LAN traffic to work, but no Internet traffic is passing.

On the 3005 I have a default route pointing to the next hop of the outside interface, and I have a TDR pointing to the internal router. The route from the internal router to the Internet take a path out a different connection.

Can anyone help me with a configuration to make Internet connectivity work over non-split-tunnelling?

0 Helpful
3 Replies 3

gfullage
Cisco Employee
Cisco Employee

‎06-15-2003 08:05 PM

Does the internal router and the "other-path-to-the-Internet" device have a route for the VPN pool of addresses, that evenatually points back to the inside interface of the concentrator? If your VPN pool of addresses is a private subnet, are these packets being NAT'd thru the "other-path-to-the-Internet" device as they go out, otherwise they won't be able to be routed back.

I presume when you mention a TDR you're referring ot the Tunnel Default Gateway parameter in the concentrator, this should be pointing to the next hop on the inside network or straight to your "other-path-to-the-Internet" devices IP address if it's on the same inside subnet. You can then just add a static route for your whole inside network that points to the inside router.

0 Helpful

jihealis
Level 1
Level 1
In response to gfullage

‎06-16-2003 08:55 AM

The subnet for the VPN clients is private address space. The VPN concentrator has a direct connection to the internal router, and the inside interface is in the subnet of the client address space. The internal router shows the "client addresses" as "connected". The "other-path-to-the-Internet" device has a route back to the internal router, and is NAT'ing all traffic going out through it. However, it still does not work. Any further suggestions?

0 Helpful

jihealis
Level 1
Level 1
In response to gfullage

‎06-17-2003 08:31 AM

I'm beginning to wonder if the static default route on the 3005 pointing to the outside interface is what is causing my problem. I am thinking that the client machine looks up the address, the attempts to reach it, the 3005 decrypts the traffic and sends it along based on its routing information, which tells it to go right back out the outside interface.

But, if I point the static default route to the internal router would that cause another problem?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card