[c-nsp] VPN Client to 1841, default route into tunnel with exceptions
Michael K. Smith - Adhost
mksmith at adhost.com
Thu Aug 28 16:43:08 EDT 2008
Hello Marc:
> > > ip access-list extended DefaultrouteWithoutListedNetsTunnel
> > > deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
> > > permit ip any 10.2.60.0 0.0.0.255
> > >
> > > But packets to 192.168.8.1 still go out through the tunnel.
> > >
> >
> > According to your first configuration email the ACL you should use is
> > DefaultRouteTunnel, not DefaultrouteWithoutListedNetsTunnel.
>
> I have of course changed the acl statement.
>
> > If you change the client config to 'acl
> > DefaultrouteWithoutListedNetsTunnel' using your original parameters
> > you should be all set.
>
> NACK. Doesn't work.
>
If the clients are on 192.168.8.0/24 and the servers are on 10.2.60.0/24, try this:

ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 10.2.60.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip any any

Regards,
Mike
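
Added example, not part of the original message: a small Python evaluator that applies ordinary extended-ACL first-match rules (wildcard masks, implicit deny) to the two ACLs quoted in this thread, showing which entry a given source/destination pair hits. It assumes plain ACL matching only and does not model how the VPN client or the 1841 uses the ACL for tunneling; the helper names and sample addresses are constructed.

```python
import ipaddress

# The two ACLs as they appear in the thread.
QUOTED_ACL = """
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
 permit ip any 10.2.60.0 0.0.0.255
"""
SUGGESTED_ACL = """
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 10.2.60.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip any any
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_acl(text):
    """Return [(action, src_spec, dst_spec)] for the 'ip' entries of a named ACL."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] not in ("permit", "deny"):
            continue  # blank line or the 'ip access-list extended ...' header
        src, rest = take_addr(tokens[2:])  # tokens[1] is the protocol ('ip')
        dst, rest = take_addr(rest)
        entries.append((tokens[0], src, dst))
    return entries

def matches(addr, spec):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, src, dst):
    """First match wins. Returns (action, entry_number); 0 means implicit deny."""
    for number, (action, s, d) in enumerate(entries, start=1):
        if matches(src, s) and matches(dst, d):
            return action, number
    return "deny", 0

if __name__ == "__main__":
    for name, acl in (("quoted", QUOTED_ACL), ("suggested", SUGGESTED_ACL)):
        for src, dst in (("192.168.8.1", "10.2.60.5"), ("10.2.60.5", "192.168.8.1")):
            print(name, src, "->", dst, evaluate(parse_acl(acl), src, dst))
```

The two ACLs name 192.168.8.0/24 in opposite positions (source versus destination), so the explicit deny entry fires for opposite traffic directions.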