10-03-2006 01:08 AM - edited 02-21-2020 02:38 PM
I would like to create a VPN scenario:
Home Client ==> Internet ==> VPN Server (Cisco 877) ==> Local LAN / this works
and
Home Client ==> Internet ==> VPN Server (Cisco 877) ==> Internet (going out with the IP of the VPN server). / this doesn't work, why?
I have the following config:
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local SDM_POOL_1
!
crypto isakmp client configuration group office
key voip
dns <isp_dns>
pool SDM_POOL_1
acl 102
netmask 255.255.255.0
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface ATM0
no ip address
interface ATM0.1 point-to-point
pvc 8/48
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address <lan address>
crypto map SDM_CMAP_1
!
interface Dialer0
ip address negotiated
crypto map SDM_CMAP_1
!
dialer-list 1 protocol ip permit
ip local pool SDM_POOL_1 10.1.1.1 10.1.1.100
!
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip <lan_subnet> any
Hope you can help.
Thank you
10-03-2006 02:31 AM
It doesn't work because the access-list for split tunnel is configured only for your LAN subnet; you need to change access-list 102:
no access-list 102
access-list 102 permit ip any any
and all traffic from the VPN client goes to the VPN (including Internet traffic).
M.
Hope that helps; rate if it does.
10-03-2006 03:13 AM
Tried this already, it doesn't work. I think it is not related to split tunnel, as the split tunnel means which IPs are allowed to split their connection and not use the route of the internal network.