[c-nsp] VPN Client to 1841, default route into tunnel with exceptions

Marc Haber mh+cisco-nsp at zugschlus.de
Thu Aug 28 06:29:45 EDT 2008


On Thu, Aug 28, 2008 at 08:50:32AM +0800, Brett Looney wrote:
> So this is the issue (sorry - should have looked at this earlier) - you need
> to put a list of networks here that the client can access. And just to be
> confusing, the ACL is from the router's perspective as if the traffic is
> outbound. So, if the pool of IP addresses that you're handing out to the
> clients is 10.100.100.0/24 then that needs to be the destination address in
> the ACL ala:
> 
> ip access-list extended DefaultrouteTunnel
>  permit x.x.x.x 0.0.0.255 10.100.100.0 0.0.0.255
>  permit y.y.y.y 0.0.0.255 10.100.100.0 0.0.0.255

So that would be

ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny   ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
 permit ip any 10.2.60.0 0.0.0.255

But packets to 192.168.8.1 still go out through the tunnel.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
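As an added example (my code, not anything posted by Marc or Brett), here is a small Python model of how an IOS extended ACL with wildcard masks is evaluated, first match wins with an implicit deny at the end, applied from the router's perspective as Brett describes it: the inside network the client wants to reach is the ACL source, and the client's pool address is the ACL destination. Brett's x.x.x.x / y.y.y.y networks are elided in his post, so the example substitutes constructed 10.1.1.0/24 and 10.1.2.0/24 for them; Marc's ACL is reproduced as posted. The model covers plain ACL matching only, not how the Easy VPN server turns the ACL into routes pushed to the client.

```python
"""Model IOS extended-ACL matching for a split-tunnel list (constructed example)."""
import ipaddress

# Brett's ACL with the elided x.x.x.x / y.y.y.y replaced by constructed networks.
BRETT_ACL = """
ip access-list extended DefaultrouteTunnel
 permit ip 10.1.1.0 0.0.0.255 10.100.100.0 0.0.0.255
 permit ip 10.1.2.0 0.0.0.255 10.100.100.0 0.0.0.255
"""

# Marc's ACL exactly as posted: a deny for 192.168.8.0/24, then permit any.
MARC_ACL = """
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny   ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
 permit ip any 10.2.60.0 0.0.0.255
"""


def _matches(addr, net, wildcard):
    """Cisco wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def _take_address(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'NET WILDCARD'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_acl(text):
    """Parse 'permit|deny PROTO SRC DST' entries; the 'ip access-list' header is skipped."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, rest = _take_address(rest)
        dst, rest = _take_address(rest)
        entries.append((action, proto, src, dst))
    return entries


def evaluate(entries, src, dst):
    """First matching entry decides; nothing matched means the implicit deny."""
    for action, _proto, (snet, swc), (dnet, dwc) in entries:
        if _matches(src, snet, swc) and _matches(dst, dnet, dwc):
            return action
    return "deny"


def client_packet_decision(entries, client_ip, target_ip):
    """Map a client-side flow onto the ACL the way the router reads it:
    ACL source = the inside host the client is trying to reach,
    ACL destination = the client's pool address."""
    return evaluate(entries, src=target_ip, dst=client_ip)


if __name__ == "__main__":
    brett = parse_acl(BRETT_ACL)
    marc = parse_acl(MARC_ACL)
    for label, acl, client, target in (
        ("Brett, inside net", brett, "10.100.100.7", "10.1.1.20"),
        ("Brett, Internet", brett, "10.100.100.7", "8.8.8.8"),
        ("Marc, 192.168.8.1", marc, "10.2.60.5", "192.168.8.1"),
        ("Marc, other", marc, "10.2.60.5", "172.16.0.1"),
    ):
        print(f"{label}: {client} -> {target}: {client_packet_decision(acl, client, target)}")
```

Evaluated as a plain packet filter, Marc's ACL returns deny for 192.168.8.1 and permit for everything else, which is exactly the exception he intended. That he still sees 192.168.8.1 going through the tunnel shows that the split-tunnel list is not applied to client traffic the way a first-match ACL is, which is the open question in the thread.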