
Cisco ROUTER, l2tp vpn CLIENT, with split tunnel with isolated vpn clients

Posted on 2014-03-07
Last Modified: 2014-04-29
I have a 2811 running IOS 15.x. Note, this is NOT an ASA, so the split-tunnel option is not available to me.

Internal LAN: 10.0.250.0/24
VPN clients: 10.0.249.0/24

How do I configure split tunnel so the 10.0.249.x VPN clients can access the 10.0.250.0/24 subnet, without using the router as the remote gateway for other Internet traffic?

If I am able to ping 10.0.250.10, I also end up using the router's gateway for all traffic from a VPN client.

If I uncheck "Use default gateway" in the IP Settings for the VPN connection (using Windows client), I can ping the VPN gateway (10.0.249.1), but I can't get to 10.0.250.0/24.

I'm trying to accomplish this without forcing users to manually add/delete routes on their local PC.
Question by:snowdog_2112

Expert Comment

by:Jody Lemoine
ID: 39914631
Unfortunately, L2TP access VPNs just don't have that functionality. You can either direct all traffic across the VPN or split tunnel across a classful boundary, but there are no other options available short of manipulating routes at the client side.

Based on your requirements, I would consider using the AnyConnect SSL VPN client instead. It will give you full split tunneling capability and requires almost no configuration of client machines. The client software even installs itself when the user makes initial connection.

Author Comment

by:snowdog_2112
ID: 39917858
Is there a doc on configuring AnyConnect on the IOS router? (I've done several on ASAs, but clearly the config is different vis-a-vis RA clients between ASA and IOS.)

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 39922325
Cisco has a really good document that includes both AnyConnect VPN configuration and Zone-based Policy Firewall configuration here:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-vpn-client/111891-anyconnect-ios-zbpf-config.html
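
The split-tunnel part of an IOS AnyConnect (WebVPN) setup for the subnets in this question, as an added example that is not part of the original answer or of the linked Cisco document. The pool range, the gateway address 203.0.113.1 and every object name are constructed placeholders, and the loopback is an assumption about how the pool subnet is attached to the router.

```cisco
! Added example. Constructed values: pool range, gateway address 203.0.113.1,
! and the names SSLVPN-POOL, SSLVPN-GW, SSLVPN-CTX, SPLIT-POLICY, TP-SSLVPN.
! Not shown: trustpoint enrollment, user authentication (AAA), installing the
! AnyConnect package on the router, and the Zone-based Policy Firewall rules.
!
! Addresses handed to VPN clients (the 10.0.249.0/24 range from the question)
ip local pool SSLVPN-POOL 10.0.249.10 10.0.249.100
!
! Assumption: a loopback puts the pool subnet on a connected interface
interface Loopback0
 ip address 10.0.249.1 255.255.255.0
!
webvpn gateway SSLVPN-GW
 ip address 203.0.113.1 port 443
 ssl trustpoint TP-SSLVPN
 inservice
!
webvpn context SSLVPN-CTX
 !
 policy group SPLIT-POLICY
  functions svc-enabled
  svc address-pool "SSLVPN-POOL"
  ! Only the internal LAN is routed through the tunnel; all other
  ! client traffic keeps using the client's own default gateway
  svc split include 10.0.250.0 255.255.255.0
 default-group-policy SPLIT-POLICY
 gateway SSLVPN-GW
 inservice
```

After connecting, `route print` on the Windows client should show a 10.0.250.0/24 route via the VPN adapter while the default route still points at the local gateway.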

Author Closing Comment

by:snowdog_2112
ID: 40030899
Haven't had a chance to try it out.