Solved

Cisco ROUTER, l2tp vpn CLIENT, with split tunnel with isolated vpn clients

Posted on 2014-03-07
Last Modified: 2014-04-29
I have a 2811 running IOS 15.x. Note, this is NOT an ASA, so the split-tunnel option is not available to me.

Internal LAN: 10.0.250.0/24
VPN clients: 10.0.249.0/24

How do I configure split tunnel so the 10.0.249.x VPN clients can access the 10.0.250.0/24 subnet, without using the router as the remote gateway for other Internet traffic?

If I am able to ping 10.0.250.10, I also end up using the router's gateway for all traffic from a VPN client.

If I uncheck "Use default gateway" in the IP Settings for the VPN connection (using Windows client), I can ping the VPN gateway (10.0.249.1), but I can't get to 10.0.250.0/24.

I'm trying to accomplish this without forcing users to manually add/delete routes on their local PC.
Question by:snowdog_2112

Expert Comment

by:Jody Lemoine
Unfortunately, L2TP access VPNs just don't have that functionality. You can either direct all traffic across the VPN or split tunnel across a classful boundary, but there are no other options available short of manipulating routes at the client side.

Based on your requirements, I would consider using the AnyConnect SSL VPN client instead. It will give you full split tunneling capability and requires almost no configuration of client machines. The client software even installs itself when the user makes initial connection.

Author Comment

by:snowdog_2112
Is there a doc on configuring AnyConnect on the IOS router? (I've done several on ASAs, but clearly the config is different vis-à-vis RA clients between ASA and IOS.)

Accepted Solution

by:
Jody Lemoine earned 500 total points
Cisco has a really good document that includes both AnyConnect VPN configuration and Zone-based Policy Firewall configuration here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-vpn-client/111891-anyconnect-ios-zbpf-config.html
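The split-tunnel approach recommended in the answer above, sketched as an IOS SSL VPN (AnyConnect) configuration. This is an added example, not taken from the thread or from the linked Cisco document. The object names, the pool range, the trustpoint and the 203.0.113.1 gateway address are placeholders, and the AnyConnect package is assumed to be installed on the router already.

```cisco
! Added example: names (VPN_AUTH, VPN_POOL, SSL_GW, SSL_CTX, SSL_POLICY,
! TP_SSLVPN), the pool range and 203.0.113.1 are assumed placeholders.
! The zone-based firewall part of the linked document is not shown.
aaa new-model
aaa authentication login VPN_AUTH local
!
! Client addresses come from the thread's VPN subnet, 10.0.249.0/24
ip local pool VPN_POOL 10.0.249.10 10.0.249.100
!
webvpn gateway SSL_GW
 ip address 203.0.113.1 port 443
 ssl trustpoint TP_SSLVPN
 inservice
!
webvpn context SSL_CTX
 aaa authentication list VPN_AUTH
 gateway SSL_GW
 !
 policy group SSL_POLICY
  functions svc-enabled
  svc address-pool "VPN_POOL"
  ! Split tunnel: only the internal LAN (10.0.250.0/24) is routed through
  ! the tunnel; all other client traffic keeps using the client's own
  ! default gateway instead of the router
  svc split include 10.0.250.0 255.255.255.0
 default-group-policy SSL_POLICY
 inservice
```

Keeping the `svc split include` list to the single internal subnet also limits what a connected client can reach through the tunnel to that network.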

Author Closing Comment

by:snowdog_2112
Haven't had a chance to try it out.