Surfing the web while connected to Cisco VPN. Using Microsoft Windows XP/2000

Hi, whenever I am connected to the VPN, I find that I cannot browse the internet even though I have split tunnel turned on on the PIX. I noticed that on the virtual Cisco network adapter, whenever it is connected, there is a default gateway that is added even though I am not specifying one on the Cisco router. Whenever I delete that default gateway from the virtual Cisco network card on the PC, I can both use the VPN and surf the internet. Can anyone offer me any advice on how to prevent this default gateway from being added to the TCP/IP settings on this network adapter? Your help would be greatly appreciated. Thanks
gbucci1 Asked:
 
Alan Huseyin Kayahan Commented:
Try the following:
no access-list DO_NOT_NATDMZ extended permit ip any 172.16.2.0 255.255.255.0
access-list DO_NOT_NATDMZ extended permit ip any 172.20.2.0 255.255.255.0
0
 
Alan Huseyin Kayahan Commented:
Hi gbucci
     * In the Cisco VPN client window, click Modify for your connection, then click Transport.
     * Check the "Allow Local LAN Access" box below.
     * Make sure that the client's local IP pool and the VPN pool are not in the same subnet.
     * Make sure split tunneling is working correctly. To verify, right-click the VPN client icon at the bottom right when connected. Click Statistics, then click the Route Details tab. Make sure the remote network that you split tunneled for is listed in the right pane.

Regards
     
0
 
gbucci1 (Author) Commented:
Hi MrHusy,
Thanks for your comment. Allow local LAN access was checked, still the same problem. I notice that whenever I remove the default gateway that is inserted into the virtual network card that the Cisco client installed, everything works just fine for a short period of time and then the gateway comes back.
I have included as an attachment a printout of the router's configuration and also a screenshot of the statistics screen of the VPN client. Any help is greatly appreciated.
Here-is-a-printout-of-the-pix.doc
0
 
gbucci1 (Author) Commented:
Can anyone offer a solution to this problem? This would be greatly appreciated.
Thanks.
0
 
Alan Huseyin Kayahan Commented:
First, use a pool that is not in the same subnet as the DMZ

ip local pool DMZVPN 172.20.2.1-172.20.2.254
tunnel-group Sales_group general-attributes
no address-pool DMZ_VPN
address-pool DMZVPN


access-list split_t permit ip 10.1.1.0 255.255.255.0 172.20.2.0 255.255.255.0
access-list split_t permit ip 172.16.0.0 255.255.255.0 172.20.2.0 255.255.255.0

group-policy Sales_group attributes
 no split-tunnel-network-list value DO_NOT_NATDMZ
split-tunnel-network-list value split_t
exit
 
0
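An added example, not part of the thread: a small Python check over the configuration lines quoted above that flags the two problems the answers address. It assumes the source field of a split-tunnel ACL entry is the network pushed to the client, so a source of `any` means a default route through the tunnel; the `OVERLAP` pool range is constructed for illustration and the function names are hypothetical.

```python
import ipaddress

def split_acl_sources(config, acl_name):
    """Yield (line, source network) for each 'permit ip' entry of the named ACL."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", acl_name] or "permit" not in tok or "ip" not in tok:
            continue  # skips other ACLs and "no access-list ..." removals
        src = tok[tok.index("ip") + 1:]
        if src[0] == "any":
            yield line.strip(), ipaddress.ip_network("0.0.0.0/0")
        elif src[0] == "host":
            yield line.strip(), ipaddress.ip_network(src[1] + "/32")
        else:
            yield line.strip(), ipaddress.ip_network(f"{src[0]}/{src[1]}")

def pool_range(config, pool_name):
    """Return (first, last) address of 'ip local pool NAME a-b', or None."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"] and tok[3] == pool_name:
            first, last = tok[4].split("-")
            return ipaddress.ip_address(first), ipaddress.ip_address(last)
    return None

def audit(config, acl_name, pool_name):
    """Return (finding, config line) pairs for the two problems in the thread."""
    findings, pool = [], pool_range(config, pool_name)
    for line, net in split_acl_sources(config, acl_name):
        if net.prefixlen == 0:
            findings.append(("tunnel-all", line))    # client would get 0.0.0.0/0
        elif pool and net.network_address <= pool[1] and pool[0] <= net.broadcast_address:
            findings.append(("pool-overlap", line))  # pool sits inside a protected net
    return findings

# Lines quoted in the thread: the original split-tunnel list entry, then the fix.
BEFORE = "access-list DO_NOT_NATDMZ extended permit ip any 172.16.2.0 255.255.255.0"
AFTER = """ip local pool DMZVPN 172.20.2.1-172.20.2.254
access-list split_t permit ip 10.1.1.0 255.255.255.0 172.20.2.0 255.255.255.0
access-list split_t permit ip 172.16.0.0 255.255.255.0 172.20.2.0 255.255.255.0"""
# Constructed for illustration: a pool carved out of a protected subnet.
OVERLAP = AFTER.replace("172.20.2.1-172.20.2.254", "172.16.0.10-172.16.0.50")

if __name__ == "__main__":
    for name, cfg, acl in (("before", BEFORE, "DO_NOT_NATDMZ"),
                           ("after", AFTER, "split_t"), ("overlap", OVERLAP, "split_t")):
        print(name, audit(cfg, acl, "DMZVPN"))
```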
 
gbucci1 (Author) Commented:
I have entered the values you gave me and now I can connect to the VPN and also browse the internet, however I cannot see anything on the DMZ side of the PIX. I was able to see the server before. Any suggestions?
I am including the config for your review.
Thanks.
pix-config.txt
0
 
gbucci1 (Author) Commented:
Thanks a lot for all your help.
0
 
Alan Huseyin Kayahan Commented:
You are welcome :)
0