Solved

cisco vpn 3005 vpn conentrator

Posted on 2008-10-14
11
258 Views
Last Modified: 2012-05-05
i have a cisco vpn 3005 and how do i set up split tunneling

any help would be great.
0
Comment
Question by:chrisglissman
  • 6
  • 5
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 22723075
First, create a network list
Configuration | Policy Management | Traffic Management , Network Lists

Add new list, call it something like SPLIT_TUNNEL_LIST
Enter all of your internal networks/mask, or click Generate Local List

Then, in Configuration | user Management | Base Group, Client config tab, Common Client Parameters
Split Tunneling Policy  (*) only tunnel networks in list
Your SPLIT_TUNNEL_LIST should show up in the dropdown list to select

Apply, save and done.

0
 

Author Comment

by:chrisglissman
ID: 22724712
also do u know how to set up the conentrator to allow to ping the dns names of my internal network??

my local address of my network is 10.0.1.x/24 and my conentrator is handing out 10.0.2.x/24 to all my vpn clients.

when i vpn to the network i can browse the internet but cannot access any local server or exchange server on my laptop..

thanks for the help
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22725070
What is the local default gateway on the network you are trying to access? Is it the VPN Concentrator or something else?
If it is something else, does "it" have a route for the 10.0.2.x/24 network pointing to the VPN3005 inside IP?
0
 

Author Comment

by:chrisglissman
ID: 22725439
here is what i have set up on my network


my local computer in my office are on ip subnet 10.0.1.x with a defualt gatway of 10.0.1.2

on my vpn clients they are on subnet 10.0.2.x with a defualt gateway of 10.0.2.2

I have not added any rotes to anything on the conentrator..
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22725732
What is the private IP address of the concentrator?
What is the device 10.0.1.2 ? Is it a firewall? This concentrator? Another router?

>n my vpn clients they are on subnet 10.0.2.x with a defualt gateway of 10.0.2.2
You should not have a tunnel default gateway setup for the VPN clients

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:chrisglissman
ID: 22725762
the ip address of my consentrator is 10.0.1.7 and as far as the consentrator and the defulat gatway that is just handing it out when i do a ip config on the client machine..

the 10.0.1.2 address this is a isa server firewal wall it is also our gateway for all the local machines..
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22725802
Then the ISA server needs to have a route for the 10.0.2.0 network

C:\>route add -p 10.0.2.0 mask 255.255.255.0 10.0.1.7


0
 

Author Comment

by:chrisglissman
ID: 22725859
how to i get the consentrator to not hand out the 10.0.2.2 defualt gateway
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22725951
Make sure there is no tunnel default gateway set in the routes section
Make sure you are using an address pool and the pool has the appropriate mask

0
 

Author Comment

by:chrisglissman
ID: 22727730
i am not getting assiged any defualt gateway from the vpn client i just do not understand when i vpn into the 3005 box i cannot ping its ip address or the server names or workstations on my local network.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 22727781
It could simply be the ISA server not configured correctly.
With so little information that you can provide, it is very difficult to help you.
Your original question was a simple 'how do I enable split-tunneling' and this sort of implied that it was working and you just wanted to change something. Obviously it is not working at all, never has, and you are expanding the scope of a simple question.
You really need a good onsite consultant to come in and provide direct support. The combination of VPN3005 and ISA can be a configuration nightmare depending on how each are configured.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN Problems 3 63
What is native VPN for RedHad Enterprise Linux and CentOS? 6 140
How to setup VPN onCisco RV016 8 49
Cisco ASA two factor VPN 3 50
Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now