chrisglissman
asked on
cisco vpn 3005 vpn conentrator
i have a cisco vpn 3005 and how do i set up split tunneling
any help would be great.
any help would be great.
ASKER
also do u know how to set up the conentrator to allow to ping the dns names of my internal network??
my local address of my network is 10.0.1.x/24 and my conentrator is handing out 10.0.2.x/24 to all my vpn clients.
when i vpn to the network i can browse the internet but cannot access any local server or exchange server on my laptop..
thanks for the help
my local address of my network is 10.0.1.x/24 and my conentrator is handing out 10.0.2.x/24 to all my vpn clients.
when i vpn to the network i can browse the internet but cannot access any local server or exchange server on my laptop..
thanks for the help
What is the local default gateway on the network you are trying to access? Is it the VPN Concentrator or something else?
If it is something else, does "it" have a route for the 10.0.2.x/24 network pointing to the VPN3005 inside IP?
If it is something else, does "it" have a route for the 10.0.2.x/24 network pointing to the VPN3005 inside IP?
ASKER
here is what i have set up on my network
my local computer in my office are on ip subnet 10.0.1.x with a defualt gatway of 10.0.1.2
on my vpn clients they are on subnet 10.0.2.x with a defualt gateway of 10.0.2.2
I have not added any rotes to anything on the conentrator..
my local computer in my office are on ip subnet 10.0.1.x with a defualt gatway of 10.0.1.2
on my vpn clients they are on subnet 10.0.2.x with a defualt gateway of 10.0.2.2
I have not added any rotes to anything on the conentrator..
What is the private IP address of the concentrator?
What is the device 10.0.1.2 ? Is it a firewall? This concentrator? Another router?
>n my vpn clients they are on subnet 10.0.2.x with a defualt gateway of 10.0.2.2
You should not have a tunnel default gateway setup for the VPN clients
What is the device 10.0.1.2 ? Is it a firewall? This concentrator? Another router?
>n my vpn clients they are on subnet 10.0.2.x with a defualt gateway of 10.0.2.2
You should not have a tunnel default gateway setup for the VPN clients
ASKER
the ip address of my consentrator is 10.0.1.7 and as far as the consentrator and the defulat gatway that is just handing it out when i do a ip config on the client machine..
the 10.0.1.2 address this is a isa server firewal wall it is also our gateway for all the local machines..
the 10.0.1.2 address this is a isa server firewal wall it is also our gateway for all the local machines..
Then the ISA server needs to have a route for the 10.0.2.0 network
C:\>route add -p 10.0.2.0 mask 255.255.255.0 10.0.1.7
C:\>route add -p 10.0.2.0 mask 255.255.255.0 10.0.1.7
ASKER
how to i get the consentrator to not hand out the 10.0.2.2 defualt gateway
Make sure there is no tunnel default gateway set in the routes section
Make sure you are using an address pool and the pool has the appropriate mask
Make sure you are using an address pool and the pool has the appropriate mask
ASKER
i am not getting assiged any defualt gateway from the vpn client i just do not understand when i vpn into the 3005 box i cannot ping its ip address or the server names or workstations on my local network.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Configuration | Policy Management | Traffic Management , Network Lists
Add new list, call it something like SPLIT_TUNNEL_LIST
Enter all of your internal networks/mask, or click Generate Local List
Then, in Configuration | user Management | Base Group, Client config tab, Common Client Parameters
Split Tunneling Policy (*) only tunnel networks in list
Your SPLIT_TUNNEL_LIST should show up in the dropdown list to select
Apply, save and done.