cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
293
Views
0
Helpful
2
Replies
iceman6684
Beginner

how to split tunnel VPN

All,

   i was able to setup split tunneling and phase 1 is successful however,  i am unable to ping any subnet that is being NAT. therefore,  trying to figure out how do i allow any VPN connection with a 192.168.20.X address can ping i.e 192.168.10.X.

1 ACCEPTED SOLUTION

Accepted Solutions
John Blakley
Advisor

You'll want to deny those addresses in the nat acl like

Deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

Do this on both ends. The source address for the acl should be on the box that you're doing this on. For instance, if you're putting the acl in the 192.168.10.x router, then you'd put the acl above.

Hth,
John

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

View solution in original post

2 REPLIES 2
John Blakley
Advisor

You'll want to deny those addresses in the nat acl like

Deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

Do this on both ends. The source address for the acl should be on the box that you're doing this on. For instance, if you're putting the acl in the 192.168.10.x router, then you'd put the acl above.

Hth,
John

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

thanks that worked