[c-nsp] VPN Client to 1841, default route into tunnel with exceptions

Brett Looney brett at looney.id.au
Thu Aug 28 20:54:48 EDT 2008


> So that would be
> 
> ip access-list extended DefaultrouteWithoutListedNetsTunnel
>  deny   ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
>  permit ip any 10.2.60.0 0.0.0.255
>
> But packets to 192.168.8.1 still go out through the tunnel.

Well, yeah. Because it matches the access list. From the sounds of it, you
need to list each local network specifically in the access list so it won't
match. <obvious>That will be tricky.</obvious>

B.

