12-02-2002 04:20 PM - edited 02-21-2020 12:12 PM
I have a dsl account and when I vpn in to our network using cisco vpn client to vpn 3015 I cannot access the internet anymore locally. I have to use our network internal proxy server. Is there a way to do the vpn tunnel but also use the local DSL internet connection for browsing?
Solved! Go to Solution.
12-02-2002 04:32 PM
You need to set up split tunnelling, so that only certain packets are sent across the tunnel, the rest go out in the clear just as normal packets.
In the 3015 create a Network List under Config - Policy Mgmt - Traffic Mgmt - Network List, this list will include your internal networks (traffic you want to be tunnelled). Then go under the Group that the client is connecting to, under the Client Config tab, select Only tunnel networks in the list and select your list in the drop-down box. Reconnect and you're good to go.
Keep in mind split-tunnelling is considered somewhat of a security risk seeing as your PC is now accessable from the Internet AND you have a VPN straight into your internal network. If someone can take over your PC then they have access to everything. You might want to also look into enabling the client firewall stuff as well.
12-02-2002 04:32 PM
You need to set up split tunnelling, so that only certain packets are sent across the tunnel, the rest go out in the clear just as normal packets.
In the 3015 create a Network List under Config - Policy Mgmt - Traffic Mgmt - Network List, this list will include your internal networks (traffic you want to be tunnelled). Then go under the Group that the client is connecting to, under the Client Config tab, select Only tunnel networks in the list and select your list in the drop-down box. Reconnect and you're good to go.
Keep in mind split-tunnelling is considered somewhat of a security risk seeing as your PC is now accessable from the Internet AND you have a VPN straight into your internal network. If someone can take over your PC then they have access to everything. You might want to also look into enabling the client firewall stuff as well.
12-02-2002 04:47 PM
Thanks! I have enabled split tunneling and it works. You mentioned enabling the client firewall. HOw do you do this.
12-02-2002 07:34 PM
It's all in the documentation:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/3_6/config/usermgt.htm#xtocid43
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide