[c-nsp] VPN Client to 1841, default route into tunnel with exceptions
Marc Haber
mh+cisco-nsp at zugschlus.de
Wed Aug 27 07:12:08 EDT 2008
On Wed, Aug 27, 2008 at 08:08:08AM +0800, Brett Looney wrote:
> > With this configuration, a client cannot communicate at all
> > outside the tunnel, which is a desired feature in this setup.
> > OTOH, some teleworkers would appreciate to be able to talk to
> > their networked printers on the local LANs.
>
> It's been a while but from memory you need to put the "include-local-lan"
> setting into the client configuration group to do this. HTH.

It now says

crypto isakmp client configuration group InternClient
 key onsh4OcyivOafmyodzet
 dns 10.1.2.11 10.1.2.15
 wins 10.1.2.11 10.1.2.15
 domain example.com
 pool ippool
 acl DefaultrouteTunnel
 include-local-lan

and when I ping 192.168.8.1, I still see the packet going out
encapsulated in ESP instead of unencrypted on the LAN (the Client's
LAN IP is 192.168.8.184/24).

Additionally, I'd rather have a white list of IP ranges that can still
be reached without encryption to not expose clients in public networks.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190