Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
956
Views
5
Helpful
1
Replies

Help with split tunneling w/ Cisco EZVPN Network Extension Mode

chrismayhewcanada
Level 1
Level 1

‎03-25-2013 11:05 AM

So, I have a Cisco SR520W  (Will be replaced by an ASA eventually) acting as a EZVPN Server, and a  Cisco 861 acting as an EZVPN client.  Also, I have a Cisco 2621  simulating the "Internet", with a virtual interfaces setup to simulate  internet sites.  The VPN tunnel works, and I can successfully route  traffic all over my network.  However, no matter what I do I cannot get  it to access the "Internet" correctly.  I can see that if I do route  packets to the "Internet", they are replied to with a non natted  destination IP (192.168.26.2, IP of my test computer).

The SR520W LAN interface is connected to my production network, and  routing all over it works correctly.  The WAN interfaces (fa4) of the  861 and SR520W are both connected to the Cisco 2621.  The configs of my  SR520W and 861 are as follows below.

Client:  http://pastebin.com/BUjMaWDL Server:  http://pastebin.com/4LB0bg1a "Internet 2621", in case it's relevant:  http://pastebin.com/LUCmqRCj

1 person had this problem
Labels:
0 Helpful
1 Reply 1

chrismayhewcanada
Level 1
Level 1

‎03-26-2013 08:14 AM

I have solved this, I have posted the relevent configs.  I'm aware that the WAN ip address isn't valid, but I scrambled it to protect my identity

http://pastebin.com/2LXuPr2c

http://pastebin.com/pRPujJbj

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents