Solved

Cisco ROUTER, l2tp vpn CLIENT, with split tunnel with isolated vpn clients

Posted on 2014-03-07
Last Modified: 2014-04-29
I have a 2811 running IOS 15.x. Note, this is NOT an ASA, so the split-tunnel option is not available to me.

Internal LAN: 10.0.250.0/24
VPN clients: 10.0.249.0/24

How do I configure split tunnel so the 10.0.249.x VPN clients can access the 10.0.250.0/24 subnet, without using the router as the remote gateway for other Internet traffic?

If I am able to ping 10.0.250.10, I also end up using the router's gateway for all traffic from a VPN client.

If I uncheck "Use default gateway" in the IP Settings for the VPN connection (using Windows client), I can ping the VPN gateway (10.0.249.1), but I can't get to 10.0.250.0/24.

I'm trying to accomplish this without forcing users to manually add/delete routes on their local PC.
Question by:snowdog_2112

Expert Comment

by:Jody Lemoine
ID: 39914631
Unfortunately, L2TP access VPNs just don't have that functionality. You can either direct all traffic across the VPN or split tunnel across a classful boundary, but there are no other options available short of manipulating routes at the client side.

Based on your requirements, I would consider using the AnyConnect SSL VPN client instead. It will give you full split tunneling capability and requires almost no configuration of client machines. The client software even installs itself when the user makes initial connection.

Author Comment

by:snowdog_2112
ID: 39917858
Is there a doc on configuring AnyConnect on the IOS router? (I've done several on ASAs, but clearly the config is different vis-à-vis RA clients between ASA and IOS.)

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 39922325
Cisco has a really good document that includes both AnyConnect VPN configuration and Zone-based Policy Firewall configuration here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-vpn-client/111891-anyconnect-ios-zbpf-config.html

Author Closing Comment

by:snowdog_2112
ID: 40030899
Haven't had a chance to try it out.
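Added illustration (not code from any poster in this thread or from Cisco): a simplified model of the three routing outcomes named in the first expert comment, namely full tunnel, a split at the classful boundary, and a split-include list pushed by the head end. The client address 10.0.249.25 and the test destinations are constructed, and the model assumes any destination without a tunnel route leaves through the client's local gateway.

```python
import ipaddress

LAN = "10.0.250.0/24"        # internal LAN from the question
CLIENT_IP = "10.0.249.25"    # constructed address inside the 10.0.249.0/24 VPN pool
SAMPLE_DESTS = ("10.0.250.10", "10.99.1.1", "203.0.113.10")  # constructed

def classful_network(addr):
    """Classful (A/B/C) network that contains an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("class D/E addresses have no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def tunnel_routes(mode, client_ip=CLIENT_IP, split_include=()):
    """Prefixes the client sends into the tunnel under each model."""
    if mode == "full":            # default gateway on the remote network
        return [ipaddress.ip_network("0.0.0.0/0")]
    if mode == "classful":        # no default gateway, class-based route only
        return [classful_network(client_ip)]
    if mode == "split-include":   # explicit list pushed by the VPN head end
        return [ipaddress.ip_network(n) for n in split_include]
    raise ValueError(f"unknown mode: {mode}")

def via_tunnel(dest, routes):
    """True if traffic to dest would enter the tunnel."""
    ip = ipaddress.ip_address(dest)
    return any(ip in route for route in routes)

def exposure(routes):
    """Count of IPv4 addresses steered into the tunnel (smaller is tighter)."""
    return sum(route.num_addresses for route in routes)

if __name__ == "__main__":
    for mode in ("full", "classful", "split-include"):
        routes = tunnel_routes(mode, split_include=[LAN])
        print(mode, [str(r) for r in routes], exposure(routes),
              {d: via_tunnel(d, routes) for d in SAMPLE_DESTS})
```

In this model the classful split sends all of 10.0.0.0/8 into the tunnel, while the split-include list limits it to the 256 addresses of the internal LAN.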