split-tunneling - accessing internet problem

mborgul
Level 1

Hello,

I'm trying to configure VPN split tunneling. Now I have access to the central office network via a dial-up connection, but I can't browse internet sites.

I use Cisco Secure VPN Client ver 3.6.6(a) and a C1750 as the VPN server.

I have configured the VPN connection in the following way (the VPN-related config is below):

access-list wyjscie_VPN permit ip 10.0.0.0 255.255.255.0 192.168.99.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list wyjscie_VPN
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 x.x.x.x
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set ESP-3DES-MD5
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local bigpool outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpn3000-all address-pool bigpool
vpngroup vpn3000-all dns-server 194.204.169.9
vpngroup vpn3000-all split-tunnel wyjscie_VPN
vpngroup vpn3000-all idle-time 1800

Could anyone tell me where the problem is?

Thanks in advance

Michal Borgul

2 Replies

mostiguy
Level 6

Who runs the DNS server 194.204.169.9?

At my office, I dropped to a cmd prompt, did an nslookup, set the server to that IP, and got timeouts. If that server restricts functionality to certain IP address spaces, that would explain your problem: if I configured my desktop here to use that as a DNS server, I would have effectively no "internet access", as name resolution would be broken.

You could try removing the vpngroup... dns... command, as without it, I believe VPN clients should then continue to use whatever their existing DNS settings are.

It's the address of our national provider's DNS server. I have tried other name servers, but it didn't help.

I have removed the DNS server configuration command, and the problem still exists.

In the VPN client I can see (in statistics) that the following networks are secured:

network    subnet
0.0.0.0    0.0.0.0
x.x.x.x    255.255.255.255

where x.x.x.x is my PIX outside interface.

Is that correct? My question is especially about the first network; generally it means a route of last resort.

Michal
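The following Python script is an added illustration for this thread, not code posted by either participant. It takes the split-tunnel ACL line from the config above, derives the network list the PIX is expected to push to the client, and compares it with the "secured networks" list the client actually reports, classifying a LAN destination and a public web server as "tunnel" or "local" under each list. It assumes (this is not stated in the thread) that the PIX pushes the source side of each permit entry in the split-tunnel ACL, i.e. the LAN behind the firewall; the elided PIX outside address x.x.x.x is replaced by the placeholder 203.0.113.1, and 198.51.100.10 stands in for an arbitrary internet host.

```python
import ipaddress

# Constructed copy of the split-tunnel ACL line from the thread's PIX config.
ACL_LINES = [
    "access-list wyjscie_VPN permit ip 10.0.0.0 255.255.255.0 192.168.99.0 255.255.255.0",
]

# The "secured networks" rows the poster reads in the client statistics.  The PIX
# outside address is elided (x.x.x.x) in the thread; 203.0.113.1 is a placeholder.
OBSERVED_CLIENT_NETWORKS = [
    ("0.0.0.0", "0.0.0.0"),
    ("203.0.113.1", "255.255.255.255"),
]


def secured_networks_from_acl(lines):
    """Derive the network list a PIX would push to the client from a split-tunnel ACL.

    Assumption (not stated in the thread): the PIX pushes the *source* side of
    each permit entry, i.e. the LAN behind the firewall, not the client pool.
    """
    nets = []
    for line in lines:
        parts = line.split()
        if len(parts) < 8 or parts[0] != "access-list" or parts[2] != "permit":
            continue
        src_net, src_mask = parts[4], parts[5]
        # ipaddress accepts dotted-decimal masks; strict=False tolerates host bits.
        nets.append(ipaddress.ip_network(f"{src_net}/{src_mask}", strict=False))
    return nets


def networks_from_client_list(pairs):
    """Convert the (network, subnet) rows shown by the client into network objects."""
    return [ipaddress.ip_network(f"{net}/{mask}", strict=False) for net, mask in pairs]


def is_tunneled(dst_ip, secured):
    """True if the client would send traffic for dst_ip through the IPsec tunnel.

    A packet goes into the tunnel when its destination falls in any secured
    network; everything else leaves through the local (dial-up) interface.
    """
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in secured)


def split_tunnel_in_effect(secured):
    """False when a default (0.0.0.0/0) entry is present: then nothing is split."""
    return not any(net.prefixlen == 0 for net in secured)


def classify(dst_ip, secured):
    return "tunnel" if is_tunneled(dst_ip, secured) else "local"


if __name__ == "__main__":
    expected = secured_networks_from_acl(ACL_LINES)
    observed = networks_from_client_list(OBSERVED_CLIENT_NETWORKS)
    for label, nets in (("from ACL", expected), ("from client stats", observed)):
        print(f"{label}: {[str(n) for n in nets]}, "
              f"split tunnelling in effect: {split_tunnel_in_effect(nets)}")
        for dst in ("10.0.0.5", "198.51.100.10"):
            print(f"  {dst:>14} -> {classify(dst, nets)}")
```

Run as-is, the ACL-derived list contains only 10.0.0.0/24, so the web server is classified "local" and browsing would work; the list the client reports contains 0.0.0.0/0, so every destination is classified "tunnel". With a default entry in the secured list the client behaves as if no split tunnel were configured, which matches the symptom described in the thread and is the thing to check on the client side before looking further at DNS.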