08-25-2005 12:11 PM - edited 02-21-2020 01:55 PM
I use client version 4.6.02.001 with a Cisco 3000 Concentrator. My users currently connect fine to the network and can see all the computers and servers on 10.3.1.x. I also want them to see a second subnet of 10.3.3.x. I have a pool assignment on the Concentrator that they get a local ip of 10.3.1.X. I checked the default gateway on the Concentrator and it is correct (the same as a pc on the LAN). The PC's on the lAN can see the second subnet but the VpN tunnels cannot.
Here is a layout
LAN-->LANSW-->VPN-->INTSW-->Router
Yes the VPN device bypasses the firewall which is a Cisco PIX 515E.
Any ideas as to how I can fix this?
Any help is much appreciated.
08-25-2005 10:22 PM
is the topology below correct?
remote vpn user <--> www <--> concentrator <--> lan A <--> router (the default gateway?)<--> lan B
first you need to verify if there is any filter applied on the concentrator.
then whether split tunnel has been configured and if so, then you need to add the second subnet to the network list.
also please check the default gateway device, assuming it's a router, whether the router has a route back to the remote vpn pool.
08-26-2005 03:13 AM
VPN User <-> WWW <-> Concentrator <-> LAN A <-> PIX <-> LAN B
We use the interfaces on the PIX between subnets. The default gateway is the 3750 switch we have installed in our stack.
How do you enable split tunneling or check to see if it is running?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide