Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
4
Helpful
7
Replies

Cisco VPN client with internet

Go to solution
mohamed sebaey
Level 1
Level 1

‎02-14-2015 07:52 AM

Hello

I have a big problem , we have implemented Cisco VPN client to allow connect from outside to our internal servers . My issue that all users get access to internet during using Cisco VPN client. We used split tunneling , but still all VPN clients get access to internet. Any advise to prevent internet access through VPN client.

 

 

Thanks

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mohamed sebaey

‎02-15-2015 11:23 AM

Earlier you said you were allowing split tunnel. Are you still doing that?

We'd need to see all of the VPN configuration - including any access-lists or objects it references - to provide complete guidance.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-15-2015 10:11 AM

The primary purpose of split tunneling is to allow the clients to access their local networks and maintain local Internet access.

If you don't want that then disable split tunneling and only give them routes to the servers or subnets that you want them to access while on VPN.

Go to solution
mohamed sebaey
Level 1
Level 1
In response to Marvin Rhoads

‎02-15-2015 10:17 AM

Thanks so much for your answer , but my issue regarding internet access through my campus by VPN. I need to prevent internet access within my campus by VPN . I need only VPN users to access servers and got limited access for internet.

 

 

Thanks

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mohamed sebaey

‎02-15-2015 10:39 AM

You can add a VPN filter to your remote access VPN configuration to restrict what address and services clients may access.

Here is a guide to that feature.

0 Helpful

Go to solution
mohamed sebaey
Level 1
Level 1
In response to Marvin Rhoads

‎02-15-2015 11:21 AM

Hello

 

i applied the below

access-list vpnfilt-ra extended permit ip 172.10.0.0 255.255.255.240 host 10.0.0.50
access-group vpnfilt-ra in interface outside 

 

but still vpn users able to access internet , how can i block internet access for vpn users.

Any help

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mohamed sebaey

‎02-15-2015 11:23 AM

Earlier you said you were allowing split tunnel. Are you still doing that?

We'd need to see all of the VPN configuration - including any access-lists or objects it references - to provide complete guidance.

0 Helpful

Go to solution
mohamed sebaey
Level 1
Level 1
In response to Marvin Rhoads

‎02-15-2015 11:50 AM

hello

 

thanks , i will delete split-tunnel and enable only vpn filter tunnel and i will share with you all configuration soon.

 

Thanks

 

0 Helpful

Go to solution
mohamed sebaey
Level 1
Level 1
In response to Marvin Rhoads

‎02-17-2015 09:05 PM

thanks a lot, now it is working as we need.

 

0 Helpful
Customers Also Viewed These Support Documents