
Remote VPN

fmugambi

Hello Team,

Once connected to the LAN, I have the address 172.16.X.10. Once I connect to the remote VPN I get 172.16.y.150 to access resources in the data centre.

Question is: why, once connected to the VPN, can I no longer reach resources in 172.16.x.0/24, yet split tunnelling is configured?

I am using Cisco FTD for the VPN.

Kindly assist.

Accepted Solution

If split tunneling is configured and applied to the VPN connection profile you are using, and there is no VPN filter ACL applied, then it should work. While you are connected to the VPN, please open up AnyConnect or Secure Client, go to the cog icon at the bottom left, then go to the AnyConnect VPN tab on the left, and finally go to the "Route Details" tab on the right. From there check the presented routes; you should see the protected and unprotected subnets in there. The 172.16.x.0/24 should show as unprotected. If you see 0.0.0.0/0 it means you are tunneling all traffic over the VPN. Also, you might find this link useful:

FMC AnyConnect SSL VPN | Blue Network Security (bluenetsec.com)


9 Replies

Simple solution: don't use the same supernet for both the VPN pool and the LAN.

And also, if you have a router and L3 switch connected to the FTD, make sure these devices have a route toward the FTD for the VPN pool.

This can happen if you use an IGP between the FTD and the other devices and the IGP summarizes the prefix.

MHM

If the VPN pool changes to 172.30.x.x, does this solve my problem?

No, you need to change to 192.x.x.x.
MHM

As long as the subnet 172.16.y.x is also a /24 subnet, then I don't believe you would need to change any IP as those are two separate subnets and they won't overlap with each other in any way.


So what was the issue here?
MHM

The overlapping of the subnets.

Had to make sure the LAN subnet / supernet is not among the encrypted traffic routed on the tunnel.

So in the end you changed the supernet?

MHM

Yes
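The root cause the thread settles on (a split-tunnel supernet that also covers the user's LAN, so LAN traffic gets sent into the tunnel) can be checked offline against the secured/non-secured lists from the Route Details tab. The script below is an added example, not code from the thread or from Cisco; all prefixes are constructed placeholders, and the longest-prefix match is a simplified model of the client's route selection, not its actual implementation.

```python
import ipaddress

# Constructed scenario modelled on the thread: the split-tunnel "secured"
# list carries a data-centre supernet that also contains the user's LAN.
# All addresses are placeholders, not the poster's real ranges.
LAN = "172.16.5.0/24"
VPN_POOL = "172.16.200.0/24"
SECURED_BEFORE = ["172.16.0.0/16"]                      # supernet routed over the tunnel
SECURED_AFTER = ["172.16.100.0/22", "172.16.200.0/24"]  # narrowed to DC ranges + pool
NONSECURED = ["0.0.0.0/0"]                              # everything else stays local


def overlapping_secured(lan, secured):
    """Return the secured prefixes that overlap the local LAN (should be empty)."""
    lan_net = ipaddress.ip_network(lan, strict=False)
    return [s for s in secured if ipaddress.ip_network(s).overlaps(lan_net)]


def route_for(dest, secured, nonsecured):
    """Simplified longest-prefix match over both Route Details lists (an
    approximation, not the client's real logic). Returns (label, prefix)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for label, prefixes in (("secured", secured), ("non-secured", nonsecured)):
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (label, net)
    return (best[0], str(best[1])) if best else None


def audit(lan, pool, secured):
    """Checks a reviewer would run on a split-tunnel policy; returns findings."""
    findings = []
    if "0.0.0.0/0" in secured:
        findings.append("0.0.0.0/0 is secured: all traffic is tunnelled, no split tunnel")
    lan_net = ipaddress.ip_network(lan, strict=False)
    if ipaddress.ip_network(pool).overlaps(lan_net):
        findings.append(f"VPN pool {pool} overlaps LAN {lan}")
    for s in overlapping_secured(lan, secured):
        findings.append(f"secured prefix {s} swallows LAN {lan}; LAN traffic is tunnelled")
    return findings


if __name__ == "__main__":
    for name, secured in (("before", SECURED_BEFORE), ("after", SECURED_AFTER)):
        print(name, audit(LAN, VPN_POOL, secured))
        print("  172.16.5.20 ->", route_for("172.16.5.20", secured, NONSECURED))
```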