VPDN Command: No default Gateway?

adrian.h
Level 1

I finally got our PIX to authenticate PPTP sessions with our RADIUS server. However, this vpdn command seems to be lacking a command to assign the default gateway to clients, along with the DNS servers (that was the problem I was having). Am I just missing something? The only workaround is to enable, in the client TCP/IP config, "use default gateway on remote network". That means any client internet traffic passes out our T1. We don't want that, since our T1 is a burstable service, meaning the more we use it, the more we pay. Any workarounds are appreciated.

TIA

3 Replies

paqiu
Level 1

Hi,

1. If the IP pool addresses you assign to your PPTP clients are part of your inside network (for example: your inside network is 192.168.100.x/24 and your PPTP pool is 192.168.100.220 to 192.168.100.254), and you turn off the "use default gateway on remote network" setting, split tunnelling will work fine.

You do not need to do anything more.

2. If the IP pool addresses you assign are different from your inside network, for example: your inside network is 192.168.100.x/24 and your PPTP pool is 192.168.1.1 to 192.168.1.254.

Even if you turn off the "use default gateway on remote network" setting, you still need to manually add a static route when you connect with PPTP.

route add 192.168.100.0 mask 255.255.255.0

That is the only way to make PPTP split tunnelling work.

Because PPTP is a Microsoft VPN protocol, we cannot do much about that.

Try the Cisco Unity VPN client; it is much handier for split tunnelling.

Please check following URL for split tunnelling part:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/basclnt.htm

Best Regards,

Paul Qiu
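The client-side procedure from Paul's option 2, written out as an added PowerShell example (it is not from this thread or from Cisco): after the PPTP dial-up entry is connected, it checks that "use default gateway on remote network" is really off (that setting shows up as a 0.0.0.0/0 route over the PPP interface, which is exactly what sends Internet traffic across the T1), and only then adds the static route to the inside network. It assumes Windows 8 / Server 2012 or later with the NetTCPIP cmdlets and an elevated session; the connection name "Office PPTP", the inside prefix 192.168.100.0/24 and the test host 192.168.100.10 are assumptions taken from Paul's example addresses.

```powershell
# Added example, not code from the thread or from Cisco.
# Assumes: Windows 8+/Server 2012+ (NetTCPIP module), elevated PowerShell,
# and that the PPTP dial-up entry is already connected.
param(
    [string]$VpnName   = "Office PPTP",      # dial-up entry name (assumption)
    [string]$InsideNet = "192.168.100.0/24", # inside LAN, as in Paul's example
    [string]$TestHost  = "192.168.100.10"    # any inside host (assumption)
)

# Windows names the PPP adapter after the dial-up entry, so find it by alias.
$ppp = Get-NetIPInterface -AddressFamily IPv4 |
       Where-Object { $_.InterfaceAlias -eq $VpnName }
if (-not $ppp) { throw "PPTP connection '$VpnName' is not up." }

# Split-tunnel check: with "use default gateway on remote network" ticked,
# Windows installs a 0.0.0.0/0 route over the PPP adapter. Refuse to continue
# if it is present, because that route is what pushes Internet traffic out the T1.
$default = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue |
           Where-Object { $_.InterfaceIndex -eq $ppp.InterfaceIndex }
if ($default) {
    throw "Default route still points over the VPN; untick 'Use default gateway on remote network' first."
}

# Paul's option 2: a static route for the inside network over the PPP link.
# PPP is point-to-point, so the interface itself is the next hop (0.0.0.0).
# ActiveStore means the route disappears with the interface when the VPN drops,
# so a stale route cannot blackhole the inside network later.
$existing = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $InsideNet -ErrorAction SilentlyContinue |
            Where-Object { $_.InterfaceIndex -eq $ppp.InterfaceIndex }
if (-not $existing) {
    New-NetRoute -DestinationPrefix $InsideNet `
                 -InterfaceIndex $ppp.InterfaceIndex `
                 -NextHop 0.0.0.0 `
                 -PolicyStore ActiveStore | Out-Null
}

# Verify the result from the routing table's point of view:
# the inside host should resolve to the PPP adapter, a public address must not.
$lanRoute = (Find-NetRoute -RemoteIPAddress $TestHost)[1]
$netRoute = (Find-NetRoute -RemoteIPAddress "8.8.8.8")[1]
if ($lanRoute.InterfaceIndex -ne $ppp.InterfaceIndex) {
    throw "Inside network is not routed over the VPN."
}
if ($netRoute.InterfaceIndex -eq $ppp.InterfaceIndex) {
    throw "Internet traffic is still routed over the VPN."
}

"Split tunnel OK: $InsideNet via '$VpnName', Internet via local gateway."
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.InterfaceIndex -eq $ppp.InterfaceIndex } |
    Format-Table DestinationPrefix, NextHop, RouteMetric -AutoSize
```

For older clients that only have route.exe, the equivalent of the New-NetRoute call is the command Paul gave with a next hop appended: `route add 192.168.100.0 mask 255.255.255.0 <address of the PPP adapter>`; route.exe will not accept the command without a gateway argument. Nothing here changes the PIX side, since PPTP has no mechanism for the server to push routes to the client.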

Thanks for your input. I had it set up like your #2 option: a different IP range, and went back to assigning the local pool a block from our internal LAN IP settings. However, this still didn't work. I can authenticate, but that is all. This split tunnel seems to apply to the vpngroup command, which I am under the impression applies to IPsec connections. Is this true? All the examples I find relate to that.

Using the Cisco client isn't an option at this point, as we would need to purchase it. We only have about 5 VPN users and that will be about all for some time.

Thanks !

Actually, what I meant to say was that the Cisco documentation implies that vpngroup is an extension to their client software, not just IPsec. Is that true?