Cisco VPN client - No Internet Traffic after connect

I am using VPN client vs. 4.0.1 to connect to my network. When I got connect to my network I loose connectivity to my local default gateway (ISP).

I understand that there is the concept of split-tunneling. I want to know how do I enable it in my connection. Do I need to update the VPN client or should I check the ‘Allow local LAN Access’ box?
Thx.

DF
LVL 1
delsofAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Robing66066Commented:
Typically split-tunneling is configured at the device that accepts the VPN connection, not the one that initiates it.  

This would be an example for a Cisco config:

  access-list split_tunnel_acl permit ip <local lan> mask <client subnet> mask
  vpngroup split-tunnel split_tunnel_acl
0
shahrialCommented:
If you're using Windows XP, did you upgrade to XP Service Pack 2 recently ?

XP Service Pack 2 have a problem with Cisco VPN Client.
Even the latest VPN Client V4.6 does not work with XP SP2. FYI...;-)
0
delsofAuthor Commented:
Should the command looks like this.
192.168.10.0 local lan
255.255.255.0 client subnet mask

access-list split_tunnel_acl permit ip 192.168.10.0 mask 255.255.255.0 mask
vpngroup split-tunnel split_tunnel_acl

Thx for the info about XP SP2. I got a few users with XP. I will tell them to use another OS to connect to the network.

DF

0
Robing66066Commented:
Actually, I think it should be the other way around for your network, so you want to define the traffc that you want to go to the VPN.  Everything else will just go straight to the Internet.

So, if your remote network is 10.0.0.0 mask 255.255.0.0, you would use:

access-list split_tunnel_acl permit ip 10.0.0.0 255.255.0.0 any
vpngroup <vpngroupname> split-tunnel split_tunnel_acl

If I've got this right, that should tell the VPN client to send any traffic destined for 10.x.x.x down the tunnel, but let the rest pass through to the Internet.

Good luck.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.