[vpn-help] Cisco router Split tunnel VPN
Paul Azad
paul at thissolution.com
Fri Jul 25 05:24:04 CDT 2014
Hi
I have found that when I VPN to a Cisco router (have tried a 3825 running IOS 15.1(4)M5, and also a 1941 running IOS 15.0(1r)M15) and the VPN has been set up with a split tunnel, it doesn't behave the same way as it should, and the way it works when using the Cisco client.
When I have the split tunnel set with specific IPs, such as this:
access-list 195 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 195 permit ip 192.168.90.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 195 permit ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255
It works, and the clients who get an IP of 192.168.254.0/24, can see all those devices. But if I put in an ACL like this:
access-list 197 permit ip host 10.254.254.19 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.62 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.61 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.252.52 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.252.30 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.50 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.53 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.80 10.254.251.0 0.0.0.255
The clients can't see these devices. With further testing, I have found that the issue is when I use the "permit ip host" command: although I see the routes added to my local PC, I can't actually ping the device. I am using client version 2.2.2.2, and this is happening on both Windows 7 and 8.1.
Thanks
Paul
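
Added example, not part of the original post: a small Python parser that turns the two ACLs quoted above into the source and destination prefixes each entry describes, so the "host" entries can be compared with the /32 routes the client installs. It assumes the source field is the network to tunnel and the destination is the client pool, as in ACL 195; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: the two ACLs quoted in the post above.
ACL_TEXT = """\
access-list 195 permit ip 192.168.100.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 195 permit ip 192.168.90.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 195 permit ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 197 permit ip host 10.254.254.19 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.62 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.61 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.252.52 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.252.30 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.50 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.53 10.254.251.0 0.0.0.255
access-list 197 permit ip host 10.254.254.80 10.254.251.0 0.0.0.255
"""

def take_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) and return its network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":                      # "host A" is shorthand for "A 0.0.0.0"
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    # A route needs a contiguous mask, so the wildcard must look like 2**n - 1.
    if wildcard & (wildcard + 1):
        raise ValueError("non-contiguous wildcard cannot be expressed as a prefix")
    prefix = 32 - wildcard.bit_length()
    return ipaddress.ip_network(f"{first}/{prefix}", strict=False)

def split_tunnel_entries(text):
    """Map ACL number -> list of (tunnelled_network, client_network) pairs."""
    result = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2:4] != ["permit", "ip"]:
            continue                         # only "permit ip" entries are handled here
        rest = tokens[4:]
        src = take_addr(rest)                # assumption: source = network to tunnel
        dst = take_addr(rest)                # assumption: destination = client pool
        result.setdefault(tokens[1], []).append((src, dst))
    return result

if __name__ == "__main__":
    for acl, entries in split_tunnel_entries(ACL_TEXT).items():
        for src, dst in entries:
            print(f"ACL {acl}: tunnel {src} for clients in {dst}")
```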