[c-nsp] EnableLocalLAN don't work
Michael K. Smith - Adhost
mksmith at adhost.com
Fri Jun 6 16:53:08 EDT 2008
Hello Julien:
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of julien leroiso
> Sent: Friday, June 06, 2008 7:19 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] EnableLocalLAN don't work
>
> Hello,
>
> I have a cisco 871 as VPN end-point.
> I need to access my local lan, when my vpn is up.
> I'm using vpn-client 5.0.01.0600 for Windows on XP.
>
> I tried to enable "Allow local lan access" but that doesn't work much.
>
> I found that I need to enable split tunneling. I found doc to do that
> on vpn concentrator or pix, but I did not find anything for "simple"
> routers.
>
> Any idea ?
>

crypto isakmp client configuration group <GROUPNAME>
 <various other entries>
 acl <ACL NUMBER> (150 in the example below)

So, let's say your local lan behind the router is 192.168.1.0/24 and your Pool range is 192.168.2.0/24, your acl would be:

access-list 150 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

So, any traffic from 192.168.2.0/24 not going to 192.168.1.0/24 will go out the split-tunnel.

Regards,
Mike