06-08-2001 10:41 AM - edited 02-21-2020 11:21 AM
I have a question about the universal VPN client. I've used the Safenet IRE client in the past to connect to the PIX FW and 1700 series VPN devices. My question is: can you change the address range the universal client encrypts data for? You will notice that it will encrypt data for network 0.0.0.0 mask 0.0.0.0, which is every packet. It has been my experience that you either VPN or surf the Internet, not both at the same time. With the IRE client it is possible to do this. Am I missing a menu or setting in the new client?
Any thoughts? Cisco?
Thanks,
Michael T. Fistler
Cisco CCIE #4503
Sr. Systems Engineer, Networking Concepts, Inc.
06-12-2001 02:04 PM
Did you set the vpngroup split tunnel option? I know it works on the PIX, not so sure about the 1700 series router.
Have fun
06-19-2001 11:46 AM
You're right about the new client, unlike in the IRE client you could specify which traffic is to be protected by IPSEC. The new client 3.0 gets this information from the FW. You would create an access-list in the firewall and use the split-tunnel command. See example:
access-list 180 permit ip 192.169.1.0 255.255.255.0 172.25.0.0 255.255.0.0
vpngroup your_vpn_group split-tunnel 180
Now only traffic to the FW will be encrypted. Regular internet traffic won't be encrypted.
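Added example, not part of the original posts and not Cisco code: a short Python check of what a client would encrypt under the split-tunnel ACL quoted above, compared with the 0.0.0.0 mask 0.0.0.0 default from the first post. It assumes the first network/mask pair in the ACL line is the network behind the firewall and the second is the VPN client address range; the function names and test destinations are made up for illustration.

```python
import ipaddress

def parse_split_tunnel_acl(lines):
    """Return the networks a client would encrypt traffic for.

    Assumption: lines have the shape
    access-list <id> permit ip <protected-net> <mask> <client-net> <mask>
    """
    protected = []
    for line in lines:
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
            continue  # not a line this sketch understands
        protected.append(ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))
    return protected

def client_action(dest, protected):
    """'encrypt' if dest falls inside a protected network, else 'clear'."""
    addr = ipaddress.ip_address(dest)
    return "encrypt" if any(addr in net for net in protected) else "clear"

def is_full_tunnel(protected):
    """True when a 0.0.0.0/0.0.0.0 entry makes every packet match."""
    return any(net.prefixlen == 0 for net in protected)

# ACL line as posted in the thread.
SPLIT_ACL = [
    "access-list 180 permit ip 192.169.1.0 255.255.255.0 172.25.0.0 255.255.0.0",
]
# Behaviour described in the first post: network 0.0.0.0 mask 0.0.0.0.
FULL_TUNNEL = [ipaddress.ip_network("0.0.0.0/0.0.0.0")]

# Constructed destinations: one inside the protected network, one on the Internet.
DESTS = ["192.169.1.10", "198.51.100.7"]

def compare():
    split = parse_split_tunnel_acl(SPLIT_ACL)
    return {
        d: {"split": client_action(d, split),
            "full": client_action(d, FULL_TUNNEL)}
        for d in DESTS
    }

if __name__ == "__main__":
    for dest, result in compare().items():
        print(dest, result)
```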