06-22-2006 06:03 AM
When my clients connect to the VPN server, their default route gets set to go over the VPN. If they look at the connection status it shows "0.0.0.0 0.0.0.0" under secured routes. I'd like to make it so only one Class C subnet is listed there. How do I go about doing that?
Thanks!
06-22-2006 06:24 AM
This is called "split tunneling". For maximum security you should not use it.
Never done it on IOS myself but this snippet might help:
access-list 150 permit ip 30.30.30.0 0.0.0.255 any
crypto isakmp client configuration group hw-client-groupname
 key hw-client-password
 dns 30.30.30.10 30.30.30.11
 wins 30.30.30.12 30.30.30.13
 domain cisco.com
 pool dynpool
 acl 150
From http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bd6.pdf
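To check which secured routes each client group will be handed by a config like the one in the answer above, this added example (not part of the original thread or of Cisco's documentation) resolves each group's `acl` reference and converts the ACL wildcard mask into the "network netmask" form the client displays. The sample config is constructed: the second group and its key are hypothetical, and the parser assumes numbered ACL lines of the form `permit ip <network> <wildcard> any`.

```python
import ipaddress
import re

# Constructed sample: the answer's snippet plus a hypothetical second group
# ("full-tunnel-group") that has no acl line.
SAMPLE_CONFIG = """\
access-list 150 permit ip 30.30.30.0 0.0.0.255 any
crypto isakmp client configuration group hw-client-groupname
 key hw-client-password
 pool dynpool
 acl 150
crypto isakmp client configuration group full-tunnel-group
 key other-password
 pool dynpool
"""

ACL_RE = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) any\s*$")
GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)\s*$")
GROUP_ACL_RE = re.compile(r"^\s+acl (\S+)\s*$")
TUNNEL_ALL = ipaddress.IPv4Network("0.0.0.0/0")


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair (30.30.30.0 0.0.0.255) to a network."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)


def client_view(config):
    """Return {group: ["network netmask", ...]} as listed under secured routes."""
    acls, groups, current = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None                      # back at global config level
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(wildcard_to_network(m.group(2), m.group(3)))
        elif m := GROUP_RE.match(line):
            current = m.group(1)
            groups[current] = None              # no split-tunnel acl seen yet
        elif current and (m := GROUP_ACL_RE.match(line)):
            groups[current] = m.group(1)
    view = {}
    for group, acl in groups.items():
        # No acl on the group: everything is tunnelled (0.0.0.0 0.0.0.0).
        nets = acls.get(acl, []) if acl else [TUNNEL_ALL]
        view[group] = [f"{n.network_address} {n.netmask}" for n in nets]
    return view


if __name__ == "__main__":
    for group, routes in client_view(SAMPLE_CONFIG).items():
        print(group, "->", routes or "acl not defined in this config")
```

A group that comes back with `0.0.0.0 0.0.0.0` is tunnelling all client traffic; any other result is a split-tunnel group whose listed networks are the only ones sent over the VPN.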
06-22-2006 08:02 AM
You are DA MAN! Thank you so much!