
2651xm (IOS 12.4(9T)) VPN server - default route

ph0enix
Level 1

When my clients connect to the VPN server, their default route gets set to go over the VPN. If they look at the connection status it shows "0.0.0.0 0.0.0.0" under secured routes. I'd like to make it so only one Class C subnet is listed there. How do I go about doing that?

Thanks!

Accepted Solutions

grant.maynard
Level 4

This is called "split tunneling". For maximum security you should not use it.

Never done it on IOS myself but this snippet might help:

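! Split-tunnel ACL: the source network is what clients reach through the VPN
access-list 150 permit ip 30.30.30.0 0.0.0.255 any
!
crypto isakmp client configuration group hw-client-groupname
 key hw-client-password
 dns 30.30.30.10 30.30.30.11
 wins 30.30.30.12 30.30.30.13
 domain cisco.com
 pool dynpool
 ! Attach ACL 150 to the group to enable split tunneling
 acl 150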

From http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bd6.pdf
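An added example, not part of the original thread or the Cisco document: a small Python audit that reads a saved IOS configuration and reports, per client configuration group, which networks the clients would tunnel, so groups with and without split tunneling can be reviewed. It assumes the indented `show running-config` layout and ACL entries of the form `permit ip <network> <wildcard> any`; the second group name and its key are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in "show running-config" layout: the group from the answer
# above plus a hypothetical group ("full-tunnel-group") with no acl line.
SAMPLE_CONFIG = """\
access-list 150 permit ip 30.30.30.0 0.0.0.255 any
crypto isakmp client configuration group hw-client-groupname
 key hw-client-password
 pool dynpool
 acl 150
crypto isakmp client configuration group full-tunnel-group
 key another-password
 pool dynpool
"""

ACL_RE = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) any\s*$")
GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)")
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (contiguous masks only)."""
    mask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network((addr, prefix), strict=False)


def secured_routes(config):
    """Map each client configuration group to the networks its clients tunnel."""
    acls, groups, current = {}, {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if m := ACL_RE.match(line):
            net = wildcard_to_network(m.group(2), m.group(3))
            acls.setdefault(m.group(1), []).append(net)
        elif m := GROUP_RE.match(line):
            current = m.group(1)
            groups[current] = None  # no split-tunnel ACL seen yet
        elif current and (m := re.match(r"\s+acl (\S+)\s*$", line)):
            groups[current] = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the group's sub-command block
    # No acl line: everything is tunnelled, shown as 0.0.0.0 0.0.0.0 on the client.
    return {g: acls.get(a, []) if a else [DEFAULT_ROUTE] for g, a in groups.items()}
```

A group that maps to an empty list references an ACL number that was not found in the parsed configuration and should be checked by hand.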


You are DA MAN! Thank you so much!