Solved

Cisco ROUTER, l2tp vpn CLIENT, with split tunnel with isolated vpn clients

Posted on 2014-03-07
4
1,420 Views
Last Modified: 2014-04-29
I have a 2811 running ios 15.x.  Note, this is NOT an ASA, so the split-tunnel option is not available to me.  

Internal LAN: 10.0.250.0/24
VPN clients: 10.0.249.0/24

How do I configure split tunnel so I can access the 10.0.249.x VPN clients can access the 10.0.250.0/24 subnet, without using the router as the remote gateway for other Internet traffic?

If I am able to ping 10.0.250.10, I also end up using the router's gateway for all traffic from a VPN client.

If I uncheck "Use default gateway" in the IP Settings for the VPN connection (using Windows client), I can ping the VPN gateway (10.0.249.1), but I can't get to 10.0.250.0/24.

I'm trying to accomplish this without forcing users to manually add/delete routes on their local PC.
0
Comment
Question by:snowdog_2112
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 39914631
Unfortunately, L2TP access VPNs just don't have that functionality. You can either direct all traffic across the VPN or split tunnel across a classful boundary, but there are no other options available short of manipulating routes at the client side.

Based on your requirements, I would consider using the AnyConnect SSL VPN client instead. It will give you full split tunneling capability and requires almost no configuration of client machines. The client software even installs itself when the user makes initial connection.
0
 

Author Comment

by:snowdog_2112
ID: 39917858
Is there a doc on configuring AnyConnect on the IOS Router (I've done several on ASA's, but clearly the config is different vis a vis RA-Clients between ASA and IOS).
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 39922325
Cisco has a really good document that includes both AnyConnect VPN configuration and Zone-based Policy Firewall configuration here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-vpn-client/111891-anyconnect-ios-zbpf-config.html
0
 

Author Closing Comment

by:snowdog_2112
ID: 40030899
haven't had a chance to try it out.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question