Problems using VPN client 3.5.1

ovieira
Level 3

Hi!

I'm having some problems using the VPN Client with a dial-up Internet connection. When I start the VPN Client to access my company's LAN my regular Internet access becomes unavailable. I think it might be related to the MTU configuration but I'm not sure.

Regards,

Olindo

4 Replies

bhesk
Level 2

Olindo

Probably nothing to do with MTU - more likely you haven't got split tunnelling enabled.

By default Cisco VPN Head Ends publish a default route to their VPN clients - meaning that once the tunnel is active the client will send ALL traffic over the tunnel - including your normal Internet stuff. Thus you can access the Internal networks, but not the Internet.

Enabling split tunnelling allows you to only publish the Internal networks that the VPN Head End is protecting to the client - meaning that you can access these, and the Internet, at the same time.

Split tunnelling is supported on all VPN Head End platforms (IOS, VPN Concentrator, PIX) - and the configuration is slightly different for each. If you let me know what your head end is, I can give you some pointers.

Regards, Barry

Hi Barry!

First I'd like to thank you for your reply. I have a PIX535 to receive the VPN tunnels.

Regards,

Olindo

Olindo

On the PIX you need to configure something like this:

vpngroup vpnclient address-pool vpnpool

vpngroup vpnclient split-tunnel 101

vpngroup vpnclient idle-time 1800

vpngroup vpnclient password ********

!

access-list 101 permit ip 193.36.8.0 255.255.255.0 any

access-list 101 permit ip 193.36.10.0 255.255.255.0 any

The above would cause the PIX to only publish to the VPN client the 193.36.8.0 and 193.36.10.0 subnets. This means that the client will only tunnel traffic destined to these networks to the PIX - and will send any other traffic directly to the Internet.

Note that this does open the possibility of security exposures on your client - thus the use of a PC firewall product is strongly recommended.

Hope this helps.

Regards, Barry
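
The split-tunnel behaviour described in the reply above, as an added example (not part of the original posts and not Cisco code): a Python script that reads the PIX lines quoted in the thread and reports whether a given destination would go through the tunnel or directly to the Internet. The function names and the test address 198.51.100.7 are assumptions made for illustration; the password line is left out of the constructed input.

```python
import ipaddress
import re

# Constructed input: the PIX lines quoted in the thread (password line omitted).
PIX_CONFIG = """\
vpngroup vpnclient address-pool vpnpool
vpngroup vpnclient split-tunnel 101
vpngroup vpnclient idle-time 1800
access-list 101 permit ip 193.36.8.0 255.255.255.0 any
access-list 101 permit ip 193.36.10.0 255.255.255.0 any
"""

SPLIT_RE = re.compile(r"^vpngroup\s+(\S+)\s+split-tunnel\s+(\S+)$")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+any$")


def tunnelled_networks(config, group):
    """Networks published to `group`; None means no split-tunnel line,
    so the client receives a default route and tunnels everything."""
    acl_name, acls = None, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = SPLIT_RE.match(line)
        if m and m.group(1) == group:
            acl_name = m.group(2)
        m = ACL_RE.match(line)
        if m:
            # ip_network accepts the dotted netmask form used by the PIX.
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            acls.setdefault(m.group(1), []).append(net)
    if acl_name is None:
        return None
    if acl_name not in acls:
        # Lint rule of this script, not a statement about PIX behaviour.
        raise ValueError(f"split-tunnel ACL {acl_name} has no permit entries")
    return acls[acl_name]


def route_for(dest, networks):
    """Return 'tunnel' or 'direct' for one destination address."""
    if networks is None:
        return "tunnel"  # full tunnel: the situation in the original question
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in n for n in networks) else "direct"


if __name__ == "__main__":
    nets = tunnelled_networks(PIX_CONFIG, "vpnclient")
    for dest in ("193.36.8.14", "193.36.10.25", "198.51.100.7"):
        print(dest, "->", route_for(dest, nets))
```

Every destination reported as `direct` leaves the client without passing through the PIX, which is the traffic the PC firewall recommendation in the reply is meant to cover.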

Hi Barry!

It solved my problem.

Many thanks,

Olindo