Network connect; Split tunneling, default gateway questions

groque_
Occasional Contributor

Hi all,

I got Network Connect to work today, but I don't think I got it to work properly. When I connect and launch the client I get put on the 172.16.99.0/24 network (the network assigned to my DMZ port). I can ping devices in the 172.16.99.0 network, but I can't ping any devices that are located in the trusted zone.

For example, my LDAP/RADIUS server is located in my server VLAN (172.16.50.0); its IP address is 172.16.50.1. When I VPN in, my LDAP server can ping my computer, but I can't ping the LDAP server.

When I do an IPCONFIG I do not see a default gateway; all I see is my IP and subnet. I did enable split tunneling, but when I do a traceroute to 172.16.50.1 it's going out to my ISP, not to the GW 172.16.99.254 (the IP of the SSG340 DMZ port).

I checked my policies on my 350M and I have a policy which allows the DMZ access to the Trusted Zone and vice versa, but I still can't ping.

Am I missing something here? I am not too sure if the gateway is supposed to be blank; this is my first time configuring remote access VPN.

Thanks for the responses.

Cheers
gamer004_
Contributor

Re: Network connect; Split tunneling, default gateway questions

When using NC in split tunneling mode, check these items:

1. Under Network > Network Connect, specify the IP pool for remote clients. This IP pool should be unique on your internal network.

2. Route the NC pool on your internal network towards the internal interface of your IVE.

3. Create an NC profile to use the NC IP pool.

4. Specify for which internal networks NC will perform VPN (this is split tunneling; otherwise all traffic will be routed through the VPN).

5. Create an access list for this role under Resource Policies > NC to allow traffic.

Good luck,

Frank
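The symptom in the question (traceroute to the server VLAN leaving via the ISP) is exactly what step 4 of the reply addresses: with split tunneling, the client only installs routes for the networks listed in the NC profile, and everything else follows the host's normal default route. The following script is an added example, not code from the thread or from Juniper; it models the client's longest-prefix route selection over a constructed routing table and reports which required internal resources would bypass the tunnel for a given split-tunnel list. The addresses are taken from the question; the /24 length for the server VLAN and the "after" list that adds it are assumptions made for illustration.

```python
"""Split-tunnel coverage check (added example; not from the original thread).

Given the networks a VPN client is told to send through the tunnel (the
split-tunnel list from step 4 of the reply) and the internal resources a
remote user must reach, report which resources would bypass the tunnel.
Route selection is modelled as longest-prefix match over a constructed host
routing table: split-tunnel prefixes via the VPN adapter, everything else
via the default route towards the ISP.
"""
import ipaddress

VPN_IFACE = "nc_tunnel"   # hypothetical name for the Network Connect adapter
ISP_IFACE = "isp"         # hypothetical name for the physical default route


def select_route(routes, dest):
    """Pick the interface for dest by longest-prefix match, as an IP stack does.

    routes: list of (cidr, interface) tuples; returns the interface or None."""
    dest_ip = ipaddress.ip_address(dest)
    best_net, best_iface = None, None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if dest_ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def build_client_routes(split_tunnel_networks, vpn_iface=VPN_IFACE, isp_iface=ISP_IFACE):
    """Constructed routing table: default route to the ISP plus one tunnel route per
    split-tunnel network (what the NC client installs in split-tunnel mode)."""
    routes = [("0.0.0.0/0", isp_iface)]
    routes += [(cidr, vpn_iface) for cidr in split_tunnel_networks]
    return routes


def uncovered_resources(split_tunnel_networks, resources):
    """Return the resources whose traffic would NOT enter the tunnel."""
    routes = build_client_routes(split_tunnel_networks, VPN_IFACE, ISP_IFACE)
    return [ip for ip in resources if select_route(routes, ip) != VPN_IFACE]


# Constructed values modelled on the question: the client landed on the DMZ
# subnet 172.16.99.0/24; the LDAP/RADIUS server is 172.16.50.1 in the server VLAN.
SPLIT_TUNNEL_BEFORE = ["172.16.99.0/24"]                    # only the DMZ subnet is tunnelled
SPLIT_TUNNEL_AFTER = ["172.16.99.0/24", "172.16.50.0/24"]   # server VLAN added (assumed /24)
REQUIRED_RESOURCES = ["172.16.99.254", "172.16.50.1"]       # DMZ gateway and LDAP server

if __name__ == "__main__":
    for label, nets in (("before", SPLIT_TUNNEL_BEFORE), ("after", SPLIT_TUNNEL_AFTER)):
        missing = uncovered_resources(nets, REQUIRED_RESOURCES)
        print(f"{label}: split-tunnel list {nets} -> bypasses tunnel: {missing or 'none'}")
```

With only the DMZ subnet in the split-tunnel list, 172.16.50.1 matches nothing but the default route and leaves via the ISP, which is what the poster's traceroute shows; once the server VLAN is added to the NC profile, the longer /24 prefix wins and the traffic enters the tunnel. The same check can be run against any resource list before rolling a profile out to users, and it applies to overlapping prefixes too, since the longest match is chosen.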