Can someone please help me with my config for Easy VPN Client split tunneling? At the moment, when the VPN is up I have NO access to the Internet from any host.
Here's what I am attempting to do. I want only certain hosts to route all their traffic through the tunnel and the remaining hosts to use the default route.
I created an object-group and access list with the hosts I want to route through the VPN:
object-group network VNPCLIENTS
description HOSTS ALLOWED ACCESS TO THE VPN
access-list 1 remark Internet access list
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 101 remark Hosts allowed access to VPN
access-list 101 permit ip object-group VNPCLIENTS any
access-list 111 permit udp any any eq 3074
access-list 111 permit tcp any any eq 3074
access-list 111 permit udp any any eq 88
I then applied the access list to the virtual interface of the VPN in both directions:
interface Virtual-Template1 type tunnel
no ip address
ip access-group 101 in
ip access-group 101 out
tunnel mode ipsec ipv4
Now when I connect to the VPN I have no access from any host to the Internet, either through the tunnel or not.
I must be doing something very wrong. I'd much appreciate any help.
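
An added example, not part of the original post: a small Python model of how access-list 101 evaluates when the same source-based entry is applied both in and out on Virtual-Template1. It models only first-match ACL evaluation with the implicit deny, not Easy VPN, NAT or routing; the VNPCLIENTS member addresses and the remote server address are constructed, since the post does not list them, and packets are assumed to reach the ACL untranslated.

```python
import ipaddress

# Constructed members: the post does not list the hosts in VNPCLIENTS.
VNPCLIENTS = [ipaddress.ip_network("192.168.3.10/32"),
              ipaddress.ip_network("192.168.3.11/32")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# access-list 101 permit ip object-group VNPCLIENTS any
ACL_101 = [("permit", VNPCLIENTS, ANY)]


def evaluate(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_nets, dst_nets in acl:
        if any(s in n for n in src_nets) and any(d in n for n in dst_nets):
            return action
    return "deny"  # implicit "deny ip any any" that ends every ACL


def tunnel_round_trip(client, server):
    """Check both legs of one flow against ACL 101 on Virtual-Template1.

    "out" sees the request (source = LAN host); "in" sees the reply
    (source = remote server). Same ACL in both directions, as in the post.
    """
    return {
        "out": evaluate(ACL_101, client, server),
        "in": evaluate(ACL_101, server, client),
    }


if __name__ == "__main__":
    # 192.168.3.10 is a constructed group member, 192.168.3.50 is not;
    # 203.0.113.80 is a documentation-range stand-in for a remote server.
    for host in ("192.168.3.10", "192.168.3.50"):
        print(host, tunnel_round_trip(host, "203.0.113.80"))
```

Under these assumptions the reply leg never matches the permit entry, because its source is the remote server rather than a VNPCLIENTS member. An interface ACL only filters packets that are already routed to that interface; it does not choose which hosts use the tunnel.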