3000 VPN Client thru network to internet ability

toddah
Level 1

Hi all,

I have a Cisco 3000 set up with 5 clients connecting to my network using IPsec from Charter cable modems. Everything has been working fine for about a year. I have just been presented with a problem I am hoping you can help me with. I have always had "split tunneling" turned off and required them to log out of the VPN and go thru Charter to use the internet; however, they have recently installed an application that requires internet connectivity while they are connected to my SQL apps, and I am unsure how to port them thru the VPN box and then on to the internet from inside my network. I am pretty sure it has to do with the gateway configurations from what I have read, but it seems too simple. Am I trying to make this too hard?

My network sits behind a PIX 515 and everyone inside now has full internet connectivity. The 3000 sits in parallel to the PIX and connects the cable modem users to my network. Any pointers or suggestions??

3 Replies

billy_vaughn
Level 1

Once connected to your network thru VPN, they should be able to get to anything your normal users can get to. That is as long as you are not using filters to block certain types of traffic on the concentrator. From the 3000, can you ping devices on your internal network? Make sure your tunnel default gateway is set to the next hop on your internal network. Also make sure you have routes set up for your internal networks. Hope this helps.

I'm a bit late to join this thread, but I am seeing the same symptoms on a 3015 running 4.7 code. I've tracked it down to the concentrator using its own default gateway to route user traffic right back out its public interface (un-NAT'd, I might add). I could apply NAT to this on the concentrator, but I don't think it should be doing this.

Your point about setting the tunnel default gateway kind of makes sense, but the web configurator will not allow you to specify a next hop that isn't on the public interface, which is the crux of the problem. It comes down to my inability to configure routes that are specific to the client, namely the default route, as the concentrator's entire static route table is applied to the client. Is there some secret page in the group properties that can solve my issue? I have to be missing something obvious.

Solved this myself, and feel kind of dumb about it. I know that the default gateway dialog complained about changing the 'Tunnel Default Gateway' in previous attempts, but for some reason, it allowed me to set the TDG to a core router on the inside this time, and that fixed all the issues.
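The forwarding behaviour described in this thread (the concentrator's own static route table being applied to client traffic, so that internet-bound client packets follow the default route back out the public interface with their private pool address, until a Tunnel Default Gateway pointing at an inside router is configured) is easy to reason about with a small model. The following Python is an added illustration, not code from the original posts or from Cisco; the route table, the VPN pool 10.99.0.0/24, the core router address 10.1.1.254 and the sample flows are all constructed, and the rule that the tunnel default gateway replaces only the default route for tunnel-sourced traffic while more specific static routes still apply is an assumption about the concentrator, not a documented fact from this page.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: str
    interface: str


# Constructed routing table for a concentrator that sits in parallel with the
# firewall: one default route toward the ISP on the public interface and one
# static route for the internal networks. All addresses are made up.
PUBLIC_IF = "public"
PRIVATE_IF = "private"
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # assumed client address pool
CORE_ROUTER = "10.1.1.254"                         # assumed inside next hop

ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", PUBLIC_IF),
    Route(ipaddress.ip_network("10.0.0.0/8"), CORE_ROUTER, PRIVATE_IF),
]


def lookup(dst: str, routes: List[Route] = ROUTES) -> Route:
    """Longest-prefix match over the static route table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def route_tunnel_packet(src: str, dst: str,
                        tunnel_default_gateway: Optional[str] = None,
                        routes: List[Route] = ROUTES) -> Route:
    """Forwarding decision for a packet decapsulated from a client tunnel.

    Simplified model (an assumption, not the concentrator's real code): the
    tunnel default gateway replaces only the default route for tunnel-sourced
    traffic; more specific static routes are still honoured.
    """
    if ipaddress.ip_address(src) not in VPN_POOL:
        raise ValueError(f"{src} is not a VPN client address")
    route = lookup(dst, routes)
    if route.prefix.prefixlen == 0 and tunnel_default_gateway:
        return Route(route.prefix, tunnel_default_gateway, PRIVATE_IF)
    return route


def hairpinned_flows(flows: List[Tuple[str, str]],
                     tunnel_default_gateway: Optional[str] = None) -> List[Tuple[str, str]]:
    """Return the client flows that would exit the public interface again.

    Such flows leave with their private pool source address and no NAT, which
    is the symptom reported in the thread; an empty list means every flow is
    handed to the inside network (and so to the firewall's NAT) instead.
    """
    return [
        (src, dst) for src, dst in flows
        if route_tunnel_packet(src, dst, tunnel_default_gateway).interface == PUBLIC_IF
    ]


# Constructed sample flows: one to an internal SQL server, one to the internet.
SAMPLE_FLOWS = [("10.99.0.5", "10.20.0.9"), ("10.99.0.5", "198.51.100.10")]

if __name__ == "__main__":
    for tdg in (None, CORE_ROUTER):
        print(f"tunnel default gateway = {tdg}")
        for src, dst in SAMPLE_FLOWS:
            r = route_tunnel_packet(src, dst, tdg)
            print(f"  {src} -> {dst}: via {r.next_hop} on {r.interface}")
        print(f"  hairpinned: {hairpinned_flows(SAMPLE_FLOWS, tdg)}")
```

Run as-is, the first pass (no tunnel default gateway) reports the internet-bound flow leaving the public interface, and the second pass (tunnel default gateway set to the inside core router) reports none, while the flow to the internal server takes the same inside route in both cases. The same check is worth running against a real route table after any change to the concentrator's static routes, since a single default route pointing at the public interface is enough to reintroduce the leak.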