[c-nsp] VPN Client to 1841, default route into tunnel with exceptions

Ben Steele ben.steele at internode.on.net
Fri Aug 29 03:20:49 EDT 2008


An easier solution if you really need to go down that path is to allow all
down the vpn (no split tunnel) and have static persistent routes on the
client, set up a script or something.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brett Looney
Sent: Friday, 29 August 2008 10:25 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VPN Client to 1841, default route into tunnel with
exceptions

> So that would be
> 
> ip access-list extended DefaultrouteWithoutListedNetsTunnel
>  deny   ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
>  permit ip any 10.2.60.0 0.0.0.255
>
> But packets to 192.168.8.1 still go out through the tunnel.

Well, yeah. Because it matches the access list. From the sounds of it, you
need to list each local network specifically in the access list so it won't
match. <obvious>That will be tricky.</obvious>

B.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


