[c-nsp] VPN Client to 1841, default route into tunnel with exceptions

Michael K. Smith - Adhost mksmith at adhost.com
Thu Aug 28 16:43:08 EDT 2008


Hello Marc:
> > > ip access-list extended DefaultrouteWithoutListedNetsTunnel
> > >  deny   ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
> > >  permit ip any 10.2.60.0 0.0.0.255
> > >
> > > But packets to 192.168.8.1 still go out through the tunnel.
> > >
> >
> > According to your first configuration email the ACL you should use is
> > DefaultRouteTunnel, not DefaultrouteWithoutListedNetsTunnel.
> 
> I have of course changed the acl statement.
> 
> > If you change the client config to 'acl
> > DefaultrouteWithoutListedNetsTunnel' using your original parameters
> > you should be all set.
> 
> NACK. Doesn't work.
> 

If the clients are on 192.168.8.0/24 and the servers are on 10.2.60.0/24, try this:

ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny   ip 10.2.60.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip any any

Regards,

Mike