Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
202
Views
0
Helpful
1
Replies

VPN Client Internet Access fails with IOS router

Gerard Roy
Level 2
Level 2

‎04-11-2005 01:59 PM - edited ‎02-21-2020 01:42 PM

All,

I have a 1711 router and a 4.03a VPN client. I can connect and build a tunnel to the 1711 and ping devices on the LAN thru the tunnel. I am unable to access the local LAN of the VPN client workstation even though I have enabled LAN access checkbox in the client. I am unable to access the internet while the VPN client is active. How do I enable split tunneling and allow local LAN access to printers and shares?

Labels:
Preview file
6 KB
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎04-11-2005 05:01 PM

If you only want to enable encryption for the private subnet behind the router, and have all other traffic go out in the clear, do the following on your router:

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

crypto isakmp client configuration group VPNclients

acl 100

This should also allow you to get to your local printers/hosts, since only traffic for the 192.168.1.0 network will be encrypted now.

FYI, if you want to do a non-split tunnel configuration in the future, but still want to be able to get to your local hosts, you need to use the include-local-lan option under the VPN group config on the router in addition to checking the box under the VPN client GUI.

See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftunity.htm for details.

0 Helpful
Customers Also Viewed These Support Documents