L2TP VPN configuration on Cisco ASA with Windows/Mac machine: internet problem

jvalin__s

Dear All,

I have successfully configured L2TP VPN on an ASA 5510 with IOS version 8.0(4).

When I connect using this VPN, my internet doesn't work, even if I set a proxy or DNS, or remove the proxy.

It doesn't work; I can only access the resources behind the firewall. I am using an extended access-list.

I tried with a standard access-list also.

Kindly suggest what the mistake could be.

Thanks

Jv


I think I should add 192.168.0.0/16.

No, what I mean is change the IP pool mask from /24 to /16 on the ASA as follows:

ip local pool 192.168.205.1-192.168.205.254 mask 255.255.0.0

Yes, I got your point, but what difference will it make?

Regards,

halijenn,

Once I configure the NAT exempt on the firewall, it will automatically convert it to 192.168.0.0/16.

Actually, I want this solution for Mac basically, but I thought that if I could solve it first on Windows, it would be easy for Mac.

I don't think it is possible on Windows either.

After connecting the L2TP VPN, I can see two default routes: one pointing to the VPN gateway and one pointing to the original machine gateway with an increased metric.

Regards

Jvalin

If you change the mask to /16, it would appear as 192.168.0.0 once you are connected, and that route should point towards the VPN gateway. If you uncheck the "Use default gateway on remote network" option, then the default gateway would be your original machine gateway.

So because 192.168.0.0/16 points towards the VPN gateway, when you try to access your corporate internal networks, which are in the 192.168.x.x/24 subnet range, traffic will be routed towards the VPN gateway. For everything else, it would route towards the original machine gateway.

With this solution, you don't even have to add any routes on the client pc.
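To make the route-selection argument above concrete, here is an added example (not from this thread or from Cisco) that simulates the Windows client's longest-prefix-match lookup for the two pool masks and for the "Use default gateway on remote network" checkbox. The routing table, metrics and gateway labels are constructed for illustration; only the pool 192.168.205.x comes from the thread.

```python
import ipaddress

# Constructed client routing table. Metrics are illustrative: the
# original gateway's default route gets the "increased metric" the
# thread mentions; VPN-installed routes get a low metric.
ORIGINAL_GW = "original-gateway"
VPN_GW = "vpn-gateway"


def build_routes(pool_mask_bits, use_remote_default_gateway):
    """Routes a Windows L2TP client installs after connecting.

    pool_mask_bits: mask of the ASA 'ip local pool' (24 or 16 here).
    use_remote_default_gateway: state of the client-side checkbox.
    """
    # Hypothetical: the client derives its VPN route from the pool mask,
    # so a /16 mask yields 192.168.0.0/16 rather than 192.168.205.0/24.
    vpn_net = ipaddress.ip_network(f"192.168.205.0/{pool_mask_bits}", strict=False)
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), ORIGINAL_GW, 25),
        (vpn_net, VPN_GW, 1),
    ]
    if use_remote_default_gateway:
        # Second default route, lower metric, pointing into the tunnel:
        # this is what sends all internet traffic to the ASA.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), VPN_GW, 1))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match, ties broken by lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    net, gw, metric = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return gw


if __name__ == "__main__":
    corp, internet = "192.168.10.5", "8.8.8.8"
    for mask, remote_default in ((24, True), (24, False), (16, False)):
        table = build_routes(mask, remote_default)
        print(f"pool /{mask}, remote default gateway={remote_default}: "
              f"corp -> {next_hop(table, corp)}, "
              f"internet -> {next_hop(table, internet)}")
```

Only the /16 pool with the checkbox unchecked sends corporate 192.168.x.x traffic through the tunnel while leaving internet traffic on the local gateway; the /24 pool with the box unchecked loses the corporate networks, and with it checked the internet goes into the tunnel.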