Solved: Re: how to split tunnel VPN

iceman6684 · ‎11-28-2012

All,

i was able to setup split tunneling and phase 1 is successful however, i am unable to ping any subnet that is being NAT. therefore, trying to figure out how do i allow any VPN connection with a 192.168.20.X address can ping i.e 192.168.10.X.

John Blakley · ‎11-28-2012

You'll want to deny those addresses in the nat acl like

Deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

Do this on both ends. The source address for the acl should be on the box that you're doing this on. For instance, if you're putting the acl in the 192.168.10.x router, then you'd put the acl above.

Hth,
John

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎11-28-2012

You'll want to deny those addresses in the nat acl like

Deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

Do this on both ends. The source address for the acl should be on the box that you're doing this on. For instance, if you're putting the acl in the 192.168.10.x router, then you'd put the acl above.

Hth,
John

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

iceman6684 · ‎11-28-2012

thanks that worked