Cisco VPN client - No Internet Traffic after connect

Posted on 2004-10-25
Last Modified: 2013-11-16
I am using VPN client vs. 4.0.1 to connect to my network. When I connect to my network I lose connectivity to my local default gateway (ISP).

I understand that there is the concept of split-tunneling. I want to know how to enable it in my connection. Do I need to update the VPN client or should I check the ‘Allow local LAN Access’ box?

Question by:delsof
    LVL 7

    Expert Comment

    Typically split-tunneling is configured at the device that accepts the VPN connection, not the one that initiates it.  

    This would be an example for a Cisco config:

      access-list split_tunnel_acl permit ip <local lan> mask <client subnet> mask
      vpngroup split-tunnel split_tunnel_acl
    LVL 7

    Expert Comment

    If you're using Windows XP, did you upgrade to XP Service Pack 2 recently ?

    XP Service Pack 2 has a problem with Cisco VPN Client.
    Even the latest VPN Client V4.6 does not work with XP SP2. FYI...;-)
    LVL 1

    Author Comment

    Should the command look like this? local lan client subnet mask

    access-list split_tunnel_acl permit ip mask mask
    vpngroup split-tunnel split_tunnel_acl

    Thx for the info about XP SP2. I got a few users with XP. I will tell them to use another OS to connect to the network.


    LVL 7

    Accepted Solution

    Actually, I think it should be the other way around for your network, so you want to define the traffic that you want to go to the VPN.  Everything else will just go straight to the Internet.

    So, if your remote network is mask, you would use:

    access-list split_tunnel_acl permit ip any
    vpngroup <vpngroupname> split-tunnel split_tunnel_acl

    If I've got this right, that should tell the VPN client to send any traffic destined for 10.x.x.x down the tunnel, but let the rest pass through to the Internet.

    Good luck.
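
Added example (not part of the thread and not Cisco's code): a small Python model of the behaviour the accepted answer describes, where the source networks of the split-tunnel ACL go down the tunnel and everything else goes direct. The ACL lines, the 10.0.0.0/8 and 172.16.5.10 addresses and all function names are constructed for illustration; reading the ACL's source field as the tunneled network follows the accepted answer and is an assumption here.

```python
import ipaddress

# Constructed sample ACL in the shape used in the thread; 10.0.0.0/8 follows
# the answer's "10.x.x.x" and, like the host entry, is an assumption.
SAMPLE_ACL = """\
access-list split_tunnel_acl permit ip 10.0.0.0 255.0.0.0 any
access-list split_tunnel_acl permit ip host 172.16.5.10 any
"""

def _take_addr(tokens):
    """Consume one PIX address spec: 'any', 'host A', or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def tunneled_networks(acl_text, acl_name):
    """Return the source networks of 'permit ip' entries in the named ACL."""
    nets = []
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 6 or t[:2] != ["access-list", acl_name]:
            continue
        if t[2:4] != ["permit", "ip"]:
            continue  # deny entries and other protocols are out of scope here
        src, rest = _take_addr(t[4:])
        _take_addr(rest)  # parse the destination too; malformed input raises
        nets.append(src)
    return nets

def route_for(dest, nets):
    """'tunnel' if dest falls in a tunneled network, else 'direct'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in n for n in nets) else "direct"

def is_full_tunnel(nets):
    """True when an entry covers 0.0.0.0/0, i.e. nothing is actually split."""
    return any(n.prefixlen == 0 for n in nets)

if __name__ == "__main__":
    nets = tunneled_networks(SAMPLE_ACL, "split_tunnel_acl")
    for d in ("10.1.2.3", "172.16.5.10", "172.16.5.11", "8.8.8.8"):
        print(d, route_for(d, nets))
```

Destinations reported as `direct` leave the client without passing through the VPN head-end, so this is a quick way to review what a proposed ACL leaves outside the tunnel.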
