[Last Call] Learn how to a build a cloud-first strategyRegister Now


Cisco VPN client - No Internet Traffic after connect

Posted on 2004-10-25
Medium Priority
Last Modified: 2013-11-16
I am using VPN client vs. 4.0.1 to connect to my network. When I got connect to my network I loose connectivity to my local default gateway (ISP).

I understand that there is the concept of split-tunneling. I want to know how do I enable it in my connection. Do I need to update the VPN client or should I check the ‘Allow local LAN Access’ box?

Question by:delsof
  • 2

Expert Comment

ID: 12401822
Typically split-tunneling is configured at the device that accepts the VPN connection, not the one that initiates it.  

This would be an example for a Cisco config:

  access-list split_tunnel_acl permit ip <local lan> mask <client subnet> mask
  vpngroup split-tunnel split_tunnel_acl

Expert Comment

ID: 12401936
If you're using Windows XP, did you upgrade to XP Service Pack 2 recently ?

XP Service Pack 2 have a problem with Cisco VPN Client.
Even the latest VPN Client V4.6 does not work with XP SP2. FYI...;-)

Author Comment

ID: 12402100
Should the command looks like this. local lan client subnet mask

access-list split_tunnel_acl permit ip mask mask
vpngroup split-tunnel split_tunnel_acl

Thx for the info about XP SP2. I got a few users with XP. I will tell them to use another OS to connect to the network.



Accepted Solution

Robing66066 earned 375 total points
ID: 12402238
Actually, I think it should be the other way around for your network, so you want to define the traffc that you want to go to the VPN.  Everything else will just go straight to the Internet.

So, if your remote network is mask, you would use:

access-list split_tunnel_acl permit ip any
vpngroup <vpngroupname> split-tunnel split_tunnel_acl

If I've got this right, that should tell the VPN client to send any traffic destined for 10.x.x.x down the tunnel, but let the rest pass through to the Internet.

Good luck.

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question