
03-11-2017 04:40 AM
I have the ISR G2 2921/K9 router, and I set up the SSL VPN on it. The users can connect to it and can also access the internet, but they cannot access the specified LAN through the tunnel. Any advice? Thanks in advance!
03-11-2017 07:59 AM
- Does your network route the VPN-Pool to this router?
- Is your Split-Tunnel (if used) configured to include the local LAN?
- Any Access-Control in place?
- Have you exempted the VPN-traffic from NAT?
03-11-2017 11:29 PM
Hi Karsten,
1. I have a ZBFW, which allows VPN traffic from WAN to LAN;
2. As for the VPN exemption, I have one deny from internal LAN networks to VPN networks;
3. I use split tunnel, and the client can browse the internet without any problem.
4. I also created a virtual template 1 interface, and then put ip unnumbered [WAN interface].
Any ideas? Thanks in advance!
03-12-2017 01:36 AM
Thanks. I got it working. I should enable NAT and the firewall setting on the virtual template interface.
03-12-2017 03:11 AM
Well, for NAT it depends ...
If you are using Split-tunnel, then there won't be any traffic flowing from VPN-client to the outside network. In that case you don't need any "ip nat" on the template-interface. But if you need it for any other use, it for sure has to be configured correctly.
03-12-2017 03:14 AM
Hi Karsten, Thank you very much for the reply. You are 100% right. I have removed the "ip nat" config on virtual template interface. :)
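The checklist and the outcome of this thread, put together as an added IOS configuration fragment; it is not configuration posted by anyone in the thread. All names, addresses and interfaces are constructed placeholders (LAN 192.168.1.0/24 on GigabitEthernet0/1, VPN pool 10.10.10.0/24, WAN GigabitEthernet0/0), the separate VPN zone is one possible design, and the WebVPN gateway, AAA and WAN zone are omitted.

```cisco
! Constructed example: every name, address and interface is a placeholder.
ip local pool SSLVPN-POOL 10.10.10.10 10.10.10.50
!
! Split tunnel: the include list must cover the LAN the clients should reach.
webvpn context SSLVPN-CTX
 virtual-template 1
 policy group SSLVPN-POLICY
  functions svc-enabled
  svc address-pool "SSLVPN-POOL" netmask 255.255.255.0
  svc split include 192.168.1.0 255.255.255.0
 default-group-policy SSLVPN-POLICY
 inservice
!
! Zone-based firewall: VPN clients get their own zone and an explicit
! VPN -> LAN policy; anything not matched is dropped.
zone security VPN
zone security LAN
ip access-list extended VPN-TO-LAN
 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
class-map type inspect match-any VPN-TO-LAN-CLASS
 match access-group name VPN-TO-LAN
policy-map type inspect VPN-TO-LAN-POLICY
 class type inspect VPN-TO-LAN-CLASS
  inspect
 class class-default
  drop
zone-pair security VPN-TO-LAN source VPN destination LAN
 service-policy type inspect VPN-TO-LAN-POLICY
!
! Client sessions use virtual-access interfaces cloned from this template,
! so the zone membership goes here. With split tunnel no client traffic is
! sent to the outside network, so no "ip nat" is configured on the template.
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 zone-member security VPN
!
interface GigabitEthernet0/1
 zone-member security LAN
!
! NAT exemption: deny LAN -> VPN pool ahead of the overload permit.
ip access-list extended NAT-ACL
 deny   ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT-ACL interface GigabitEthernet0/0 overload
```

If LAN hosts use a different default gateway than this router, the network also needs a route for the pool (10.10.10.0/24 here) pointing back to it.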
