Re: Can't see secondary subnet with VPN Client/Concentrator

anorton200 · ‎08-25-2005

I use client version 4.6.02.001 with a Cisco 3000 Concentrator. My users currently connect fine to the network and can see all the computers and servers on 10.3.1.x. I also want them to see a second subnet of 10.3.3.x. I have a pool assignment on the Concentrator that they get a local ip of 10.3.1.X. I checked the default gateway on the Concentrator and it is correct (the same as a pc on the LAN). The PC's on the lAN can see the second subnet but the VpN tunnels cannot.

Here is a layout

LAN-->LANSW-->VPN-->INTSW-->Router

Yes the VPN device bypasses the firewall which is a Cisco PIX 515E.

Any ideas as to how I can fix this?

Any help is much appreciated.

jackko · ‎08-25-2005

is the topology below correct?

remote vpn user <--> www <--> concentrator <--> lan A <--> router (the default gateway?)<--> lan B

first you need to verify if there is any filter applied on the concentrator.

then whether split tunnel has been configured and if so, then you need to add the second subnet to the network list.

also please check the default gateway device, assuming it's a router, whether the router has a route back to the remote vpn pool.

anorton200 · ‎08-26-2005

VPN User <-> WWW <-> Concentrator <-> LAN A <-> PIX <-> LAN B

We use the interfaces on the PIX between subnets. The default gateway is the 3750 switch we have installed in our stack.

How do you enable split tunneling or check to see if it is running?

Thanks