1 Reply Latest reply on Apr 6, 2015 1:01 PM by noor

    No Split tunnel HELP

    trissa New Member

      Need some help with forcing internet traffic through the VPN tunnel for a remote client.  I am using Shrew as the remote client.  The tunnel connects and passes traffic between the private networks.  Tracert shows public traffic going through the tunnel but not leaving the remote gateway.

      Hoping someone can look at the config and tell me what I am missing.

        • Re: No Split tunnel HELP



          Thanks for posting your question on the forum!


          You will need to modify your VPN selectors for the mobile VPN policy to reflect that internet traffic destined for the mobile VPN clients will be going over the VPN tunnel. Currently your VPN selectors look like this:


          ip access-list extended VPN-20-vpn-selectors3
            permit ip    log


          It should look like this:


          ip access-list extended VPN-20-vpn-selectors3
            permit ip any    log


          You will also need to create an ACL for outbound internet traffic from the mobile client:


          ip access-list extended VPN-REMOTE-INTERNET
            permit ip any

          The VPN client should also have as its destination network so that all traffic goes over the VPN tunnel.


          You will also need to modify the Public security zone to NAT the traffic coming over the VPN tunnel and going out to the internet.


          no ip policy-class PUBLIC rpf-check
          ip policy-class PUBLIC
            allow list VPN-20-vpn-selectors3
            nat source list VPN-REMOTE-INTERNET address <WAN IP address>


          Please do not hesitate to let us know if you have any questions.
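The reply above shows the pieces with the addresses stripped out. The following is an added worked example of the same full-tunnel setup on an ADTRAN AOS router, written for this page and not taken from the reply, from ADTRAN, or from the original poster's config. Every address in it is assumed: 10.10.20.0/24 as the pool handed to the Shrew clients, 192.168.1.0/24 as the LAN behind the router, and eth 0/1 as the WAN interface. The ACL name VPN-REMOTE-LAN is also invented here; it is not on the page.

```text
! Added example (not from the reply above). Assumed addresses:
!   10.10.20.0/24  = address pool assigned to the mobile VPN clients
!   192.168.1.0/24 = LAN behind the router
!   eth 0/1        = WAN interface that carries the public address
!
! 1. Tunnel selectors: the client pool may reach ANY destination through the
!    tunnel, not only the LAN. AOS ACLs take wildcard masks, as in Cisco IOS.
ip access-list extended VPN-20-vpn-selectors3
  permit ip 10.10.20.0 0.0.0.255 any log
!
! 2. Two narrower lists for the firewall: client-to-LAN traffic, which must
!    stay untranslated, and everything else from the clients, which is NATed
!    out the WAN. (VPN-REMOTE-LAN is a name chosen for this example.)
ip access-list extended VPN-REMOTE-LAN
  permit ip 10.10.20.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended VPN-REMOTE-INTERNET
  permit ip 10.10.20.0 0.0.0.255 any
!
! 3. Decrypted client traffic arrives on the public interface and leaves on
!    the same interface, so the reverse-path check on PUBLIC has to be off.
no ip policy-class PUBLIC rpf-check
!
! 4. Policy-class entries are evaluated top-down, first match wins (assumed
!    AOS ordering). Client-to-LAN traffic is admitted first; anything else
!    from the pool falls through to the NAT entry and leaves with the WAN
!    address. Using the wide selector list as a plain "allow" here would let
!    internet-bound client traffic out without translation.
ip policy-class PUBLIC
  allow list VPN-REMOTE-LAN
  nat source list VPN-REMOTE-INTERNET interface eth 0/1 overload
!
! 5. On the Shrew Soft client, the Policy tab needs 0.0.0.0/0 as the remote
!    network resource so that the client's default route enters the tunnel.
!
! Checks after a client connects:
!   show crypto ipsec sa       -> the client SA should carry 0.0.0.0/0 as
!                                 the remote selector
!   show ip policy-sessions    -> a session from 10.10.20.x to an internet
!                                 host, translated to the eth 0/1 address
```

The `interface eth 0/1 overload` form is used here instead of the `address <WAN IP address>` form in the reply so that the example does not depend on a static public address; with a static WAN address either form applies. The practical check is the one the original poster already did: a tracert from the client should leave through the tunnel, and a lookup of the client's public address from any "what is my IP" service should now return the router's WAN address rather than the client's local ISP address.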