
Not able to connect to internet after tunnel is established for Remote Access VPN client. LAN is accessible though?

Hi,

I am using a Cisco 1811 router. I have configured Remote Access VPN from site to client (using Shrewsoft VPN Client) and Site to Site VPN on the same physical interface. Both VPNs are working, but the remote access clients can only access the LAN and have no internet after connecting. Is there something to change in my ACLs to set up split tunnel for those clients? Looking for split tunnel please!

I am also posting my router config:


Building configuration...

Current configuration : 3737 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 .
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
ip dhcp pool Data
  network 192.168.240.0 255.255.255.0
  domain-name Datadhcp.com
  dns-server 8.8.8.8 8.8.4.4
  default-router 192.168.240.1
!
ip dhcp pool Voice
  network 192.168.140.0 255.255.255.0
  default-router 192.168.140.1
  dns-server 8.8.8.8 8.8.4.4
  domain-name Voicedhcp.com
!
!
ip cef
ip domain name sistech.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!

username abc password 0 abc

!
!
crypto isakmp policy 10
 authentication pre-share
!
crypto isakmp policy 110
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key abc address 1.2.3.4
crypto isakmp key abc address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local VPN_CLIENT_POOL
!
!
crypto ipsec transform-set SISTECHSET esp-aes 256 esp-sha-hmac
crypto ipsec transform-set SISTECH_OWN_VPN esp-des esp-sha-hmac
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
 set transform-set SISTECH_OWN_VPN
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN client configuration address initiate
crypto map IPSEC-SITE-TO-SITE-VPN client configuration address respond
crypto map IPSEC-SITE-TO-SITE-VPN 110 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set SISTECHSET
 match address VPN-SISTECH
!

crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP

archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 ip address 5.6.7.8 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map IPSEC-SITE-TO-SITE-VPN
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 switchport mode trunk
!
interface FastEthernet3
 switchport access vlan 240
!
interface FastEthernet4
 switchport access vlan 140
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 no ip address
!
interface Vlan50
 ip address 192.168.50.7 255.255.255.0
!
interface Vlan140
 description Voice_vlan
 ip address 192.168.140.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan240
 description Data_Vlan
 ip address 192.168.240.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool VPN_CLIENT_POOL 10.240.0.0 10.240.0.127
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 6.7.8.9
no ip http server
no ip http secure-server
!
!
ip nat inside source static udp 192.168.240.5 5514 interface FastEthernet0 5514
ip nat inside source static tcp 192.168.240.5 514 interface FastEthernet0 514
ip nat inside source list 111 interface FastEthernet0 overload
!
ip access-list extended VPN-SISTECH
 permit ip 192.168.240.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 101 permit udp host 192.168.240.5 range 5535 49152 any
access-list 101 permit udp host 192.168.240.5 range 5065 5080 any
access-list 111 deny   ip 192.168.240.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 111 deny   ip 192.168.240.0 0.0.0.255 10.240.0.0 0.0.0.127
access-list 111 permit ip 192.168.240.0 0.0.0.255 any
!
!
!
!
route-map MAP permit 10
 match ip address 101
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password abc
 login local
 transport input ssh

Really appreciate the help!

Regards,
