
Help with Easy VPN client split tunneling.


    Hijinxx

    Can someone please help me with my config for Easy VPN Client split tunneling? At the moment, when the VPN is up I have NO access to the Internet from any host.

    Here’s what I am attempting to do. I want only certain hosts to route all their traffic through the tunnel and the remaining hosts to use the default route.

    I created an object-group and access list with the hosts I want to route through the VPN:

    object-group network VNPCLIENTS
    description HOSTS ALLOWED ACCESS TO THE VPN
    host 192.168.3.204
    host 192.168.3.42
    host 192.168.3.44
    host 192.168.3.202
    host 192.168.3.43

    access-list 1 remark Internet access list
    access-list 1 permit 192.168.3.0 0.0.0.255
    access-list 101 remark Hosts allowed access to VPN
    access-list 101 permit ip object-group VNPCLIENTS any
    access-list 111 permit udp any any eq 3074
    access-list 111 permit tcp any any eq 3074
    access-list 111 permit udp any any eq 88

    I then applied the access list to the virtual interface of the VPN in both directions:

    interface Virtual-Template1 type tunnel
    no ip address
    ip access-group 101 in
    ip access-group 101 out
    tunnel mode ipsec ipv4

    Now when I connect to the VPN I have no access from any host to the Internet, either through the tunnel or not.

    I must be doing something very wrong. Much appreciate any help.

    Thanks
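
Added example, not part of the original post: a small Python model of how access-list 101 as posted evaluates packets when it is bound both `in` and `out` on Virtual-Template1. It assumes standard IOS extended-ACL behaviour (match on source, implicit deny at the end) and that no address translation changes the addresses before the ACL is checked; the sample packets and the addresses 203.0.113.10 and 192.168.3.50 are constructed.

```python
import ipaddress

# Members of object-group VNPCLIENTS, copied from the posted config.
VNPCLIENTS = {ipaddress.ip_address(h) for h in (
    "192.168.3.204", "192.168.3.42", "192.168.3.44",
    "192.168.3.202", "192.168.3.43")}


def acl_101(src, dst):
    """Model of: access-list 101 permit ip object-group VNPCLIENTS any.

    Only the source is constrained; the destination is 'any', so dst is
    accepted but never inspected. Anything not matched hits the implicit deny.
    """
    if ipaddress.ip_address(src) in VNPCLIENTS:
        return "permit"
    return "deny"  # implicit deny at the end of every ACL


# Constructed sample packets: (label, direction on Virtual-Template1, src, dst).
# "out" = leaving the router into the tunnel, "in" = arriving from the tunnel.
# 203.0.113.10 stands in for any remote host; 192.168.3.50 for an unlisted LAN host.
PACKETS = [
    ("listed host request",    "out", "192.168.3.204", "203.0.113.10"),
    ("reply to listed host",   "in",  "203.0.113.10",  "192.168.3.204"),
    ("unlisted host request",  "out", "192.168.3.50",  "203.0.113.10"),
    ("reply to unlisted host", "in",  "203.0.113.10",  "192.168.3.50"),
]


def evaluate(packets):
    """Apply ACL 101 to each packet; the same list is bound in both directions."""
    return [(label, direction, acl_101(src, dst))
            for label, direction, src, dst in packets]


if __name__ == "__main__":
    for label, direction, verdict in evaluate(PACKETS):
        print(f"{direction:>3}  {label:<24} {verdict}")
```

Because the single entry matches on source only, the same list bound inbound cannot match packets whose source is a remote address, so replies arriving from the tunnel fall through to the implicit deny.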
