Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
3
Replies

No internet access when Eazy VPN tunnel is on

Go to solution
Master Blaster
Level 1
Level 1

‎08-19-2016 10:16 AM

Hello All,

I'm troubleshooting an internet issue on CISCO 800 series router

Router setup as an EZ VPN client

When EZ VPN tunnel is on I cant see any IP NAT translations and users cannot access web as well 

cannot ping from vlan 1

ping 8.8.8.8 source vlan 1 -failed

Ping and web access ok before configure the EZ VPN

much appreciate if someone could help me to resolve this annoying issue

I have attached  the config file and output here

thanks

 

Labels:
Preview file
4 KB
Preview file
1 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
S-Lemming
Level 1
Level 1

‎08-25-2016 03:45 AM

It looks like all traffic is going through the tunnel, for internet access you will need a NAT rule at the EZVPN server to translate the client-side network.

If you want internet traffic to use the local breakout you need to configure split-tunneling like pjain2 said.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
pjain2
Cisco Employee
Cisco Employee

‎08-24-2016 10:04 PM

what is the ezvpn server? If it is an ASA, do you have split-tunneling configured?

If there is full tunnel, then all the traffic including the internet traffic could be going through the vpn tunnel.

0 Helpful

Go to solution
Master Blaster
Level 1
Level 1
In response to pjain2

‎08-25-2016 07:53 AM

Hello all thanks for the comments .

VPN server is CISCO 881 router

all other VPN clients (routers and software VPN) working ok and I can see active NAT table on other routers and main router as well.

cant find any reason why this router not send traffic via correct interface.

I just changed Ez VPn client config  with nat allow command and I got internet access and NAT also start working through VPN . (this is not what I want).

anyway  still web pages not loading on browser but i can tracert form windows PC and nslookup also resolve DNS names.

trace route shows all traffic going through main router WAN interface .

could someone please let me know how to check split- tunneling config on main router

0 Helpful

Go to solution
S-Lemming
Level 1
Level 1

‎08-25-2016 03:45 AM

It looks like all traffic is going through the tunnel, for internet access you will need a NAT rule at the EZVPN server to translate the client-side network.

If you want internet traffic to use the local breakout you need to configure split-tunneling like pjain2 said.

0 Helpful
Customers Also Viewed These Support Documents