03-11-2017 04:40 AM
I have the ISR G2 2921/K9 router, and I setup the SSL VPN on it. the user can connect to it, also user can access internet, but they cannot access the specified LAN through tunnel. Any advice? Thanks in advance!
Solved! Go to Solution.
03-11-2017 07:59 AM
03-12-2017 03:11 AM
Well, for NAT it depends ...
If you are using Split-tunnel, then there won't be any traffic flowing from VPN-client to the outside network. In that case you don't need any "ip nat" on the template-interface. But if you need it for any other use, it for sure has to be configured correctly.
03-11-2017 07:59 AM
03-11-2017 11:29 PM
Hi Karsten,
1. I have a ZBFW, which allow vpn traffic from WAN to LAN;
2. as for the VPN examption, I have one deny from internal LAN networks to VPN networks;
3. I use split tunnel, and the client can browse internet without any problem.
4. I also create a virtual template 1 interface , and then put ip unnumbered [WAN interface].
Any ideas? Thanks inadvance!
03-12-2017 01:36 AM
Thanks. I got it working. I should enable nat and firewall setting on virtual template interface.
03-12-2017 03:11 AM
Well, for NAT it depends ...
If you are using Split-tunnel, then there won't be any traffic flowing from VPN-client to the outside network. In that case you don't need any "ip nat" on the template-interface. But if you need it for any other use, it for sure has to be configured correctly.
03-12-2017 03:14 AM
Hi Karsten, Thank you very much for the reply. You are 100% right. I have removed the "ip nat" config on virtual template interface. :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide