Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco Client VPN

Posted on 2007-03-30
5
277 Views
Last Modified: 2010-04-09
We have users using cisco client VPN to connect to our PIX 506E

when connected they cannot access the internet.

I know theres a fix somewhere in the config for this - anyone know what it is thanks?
0
Comment
Question by:chouckham
  • 3
5 Comments
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 200 total points
ID: 18823361
By default the Cisco client is configured to not allow "Split-tunneling". This isolates your local network from the VPN, and therefore the corporate network, as an important security feature. As a result it also blocks your local access to the Internet.
Split-tunneling can be enabled, but it has to be done by on the PIX, by the Cisco administrator. It is not recommended.
If you are the admin and looking for the commands somebody else will be along to assist. I am not a "Cisco guy".
0
 
LVL 3

Author Comment

by:chouckham
ID: 18823391
RobWill - thanks - (ill split the solution to give you some of the points.)

Yeah i thought this would be the feature i was looking for. "split-tunneling"

Any one know how to set this up? thanks
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18823489
Hang tight, I'm sure someone will be around. It's fairly straight forward, but I don't have a grasp of the commands, and some differ with different OS's.
0
 
LVL 10

Accepted Solution

by:
Sorenson earned 300 total points
ID: 18823624
If this is the only VPN that the pix has on it, then you can use the ACL that is configured for the nat (inside) 0 command to configure the split tunneling.


vpngroup xxxxxxx split-tunnel   access-listnamenumberfromnat0

or if you have multiple vpns and only the split tunnel for this specific group, create an acl
!
access-list splittun permit ip x.x.x.x 255.255.255.0  z.z.z.z 255.255.255.0
!
replace x.x.x.x with your internal subnets, and z.z.z.z with your ip pool addresses (adjust mask lengths to be the correct ones :)  )  add multiple lines for multiple inside subnets.  Then:
!
vpngroup xxxxx split-tunnel splittun
!
hope that helps!



0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18835794
Thanks chouckham,
Cheers !
--Rob
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Internet Connection -- PING testing ? 1 41
Cisco Router Security Commands. 2 31
Swapping port on a  Cisco 5510 firewall 1 19
Cisco RV042G 4 6
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question