[c-nsp] VPN Client to 1841, default route into tunnel with exceptions
Michael K. Smith - Adhost
mksmith at adhost.com
Thu Aug 28 14:30:29 EDT 2008
Hello Marc:
> >
> > ip access-list extended DefaultrouteTunnel
> > permit x.x.x.x 0.0.0.255 10.100.100.0 0.0.0.255
> > permit y.y.y.y 0.0.0.255 10.100.100.0 0.0.0.255
>
> So that would be
>
> ip access-list extended DefaultrouteWithoutListedNetsTunnel
> deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
> permit ip any 10.2.60.0 0.0.0.255
>
> But packets to 192.168.8.1 still go out through the tunnel.
>
According to your first configuration email, the ACL you should use is DefaultrouteTunnel, not DefaultrouteWithoutListedNetsTunnel.
<original config>
crypto isakmp client configuration group InternClient
 key onsh4OcyivOafmyodzet
 dns 10.1.2.11 10.1.2.15
 wins 10.1.2.11 10.1.2.15
 domain example.com
 pool ippool
 acl DefaultrouteTunnel
ip access-list extended DefaultrouteTunnel
 permit ip any any
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 192.168.8.0 0.0.0.255 any
 permit ip any any
</original config>
If you change the client config to 'acl DefaultrouteWithoutListedNetsTunnel' using your original parameters, you should be all set.
Regards,
Mike
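Added example (not part of the thread or of Mike's or Marc's config): a small evaluator for the three extended ACLs shown above, using plain IOS extended-ACL matching semantics (first match wins, wildcard-mask bits set mean "don't care", implicit deny at the end). It shows why the deny line in DefaultrouteWithoutListedNetsTunnel has no effect while the group still references DefaultrouteTunnel: that ACL permits everything, so the host 192.168.8.1 is only excluded once the group points at the ACL that carries the deny entry. It models only which entry a given source/destination pair hits, not how the Easy VPN server pushes the list or how the client applies it. Assumptions: Marc's later ACL is renamed MarcVariant so all three fit in one config text, and the client-pool address 10.2.60.10 is constructed (10.1.2.11 is the DNS server from the posted config, used here as an example tunneled source).

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed input: the two ACLs from the original config plus Marc's later
# DefaultrouteWithoutListedNetsTunnel variant, renamed MarcVariant (assumed name).
SAMPLE_CONFIG = """
ip access-list extended DefaultrouteTunnel
 permit ip any any
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 192.168.8.0 0.0.0.255 any
 permit ip any any
ip access-list extended MarcVariant
 deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
 permit ip any 10.2.60.0 0.0.0.255
"""

Pattern = Tuple[int, int]  # (address, wildcard) as 32-bit integers


@dataclass
class AclEntry:
    action: str   # "permit" or "deny"
    src: Pattern
    dst: Pattern
    text: str     # original line, reported back so you can see which entry matched


def _parse_addr(tokens: List[str], i: int) -> Tuple[Pattern, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' starting at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return (0, 0xFFFFFFFF), i + 1  # every bit is "don't care"
    if tok == "host":
        return (int(ipaddress.ip_address(tokens[i + 1])), 0), i + 2  # exact match
    addr = int(ipaddress.ip_address(tok))
    wildcard = int(ipaddress.ip_address(tokens[i + 1]))
    return (addr, wildcard), i + 2


def parse_entry(line: str) -> AclEntry:
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"only 'permit/deny ip' entries are modelled: {line!r}")
    src, i = _parse_addr(tokens, 2)
    dst, _ = _parse_addr(tokens, i)
    return AclEntry(action, src, dst, line)


def parse_acls(config: str) -> Dict[str, List[AclEntry]]:
    """Collect 'ip access-list extended NAME' blocks into name -> ordered entries."""
    acls: Dict[str, List[AclEntry]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ip access-list extended "):
            current = line.split()[-1]
            acls[current] = []
        elif current is not None and line.split()[0] in ("permit", "deny"):
            acls[current].append(parse_entry(line))
    return acls


def _matches(pattern: Pattern, ip: ipaddress.IPv4Address) -> bool:
    """IOS wildcard semantics: a bit set in the wildcard is ignored when comparing."""
    addr, wildcard = pattern
    care = ~wildcard & 0xFFFFFFFF
    return ((int(ip) ^ addr) & care) == 0


def evaluate(entries: List[AclEntry], src_ip: str, dst_ip: str) -> Tuple[str, str]:
    """First matching entry wins; an ACL that matches nothing denies implicitly."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for entry in entries:
        if _matches(entry.src, src) and _matches(entry.dst, dst):
            return entry.action, entry.text
    return "deny", "(implicit deny at end of ACL)"


def decisions(config: str, flows: List[Tuple[str, str]]) -> Dict[str, Dict[Tuple[str, str], str]]:
    """Map each ACL name to {(src, dst): action} for the given flows."""
    return {
        name: {flow: evaluate(entries, *flow)[0] for flow in flows}
        for name, entries in parse_acls(config).items()
    }


if __name__ == "__main__":
    # Constructed flows: source is the network behind the 1841 (the ACL's source
    # field), destination the assumed client pool address 10.2.60.10.
    flows = [("192.168.8.1", "10.2.60.10"), ("10.1.2.11", "10.2.60.10")]
    for name, result in decisions(SAMPLE_CONFIG, flows).items():
        for (src, dst), action in result.items():
            print(f"{name:40s} {src:>12s} -> {dst:<12s} {action}")
```

Run it and the first ACL permits both flows, which is what the group applies while it still says `acl DefaultrouteTunnel`; only the other two ACLs return deny for 192.168.8.1. The matcher keeps the (address, wildcard) pair rather than converting to a prefix length so that non-contiguous wildcard masks, which IOS accepts, are evaluated the way the router does.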