Announcement

Collapse
No announcement yet.

vpn user connected to 515e cannot use internet

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • vpn user connected to 515e cannot use internet

    Its pretty standard, user connects to vpn using cisco vpn client software (win xp), and can hit the server just fine, see files etc. But local internet surfing is impossible- disconnect from client and internet is perfect.

    I am lead to believe this is down to split-tunnel config, but don't know what to do to fix, - relevent bit of vpn config below... any ideas please?

    * also another suggestion I read about includes changing a setting in windows ...

    I don't seem to have an advanced option in network connections / tcpip to allow me to not use the remote gateway within my xp network settings to work around it.

    anyway here is the config from the pix 515e: (names change to protect the innocent)

    group-policy radius12 internal
    group-policy radius12 attributes
    wins-server value 192.168.0.254
    dns-server value 192.168.0.254
    vpn-idle-timeout 30
    split-tunnel-policy excludespecified
    split-tunnel-network-list value Local_LAN_Access default-domain value office.companydomain.local


    --- if any more info is needed please let me know.... help!!!

  • #2
    Re: vpn user connected to 515e cannot use internet

    The remote gateway options are in the properties of the VPN connection, not the TCP/IP properties.

    Comment


    • #3
      Re: vpn user connected to 515e cannot use internet

      ok, well that still doesn't help, would be nice as I could just point users to local gateway... but using cisco vpn client v5, and so no setting available unless someone can point me idiot style at this.

      pleeeease help meeeee.

      Comment


      • #4
        Re: vpn user connected to 515e cannot use internet

        This is what you will need:

        For example:

        access-list Split_Tunnel_Acl permit ip 192.168.1.0 255.255.255.0 any
        vpngroup <groupname> split-tunnel Split_Tunnel_Acl

        192.168.1.0 is the network behind the pix.
        CCNA, Network+

        Comment

        Working...
        X