EZ VPN split tunneling feature or bug?

Hi,

 

Have some issues with Cisco IOS c3900-universalk9-mz.SPA.154-3.M8.bin as an EZ VPN server with Virtual-Template interface config.
The end customer was so proactive they configured 'deny ip any any' as the last line of every split-tunnel ACL. (~150 EZ VPN client routers in network extension mode.)

The clients translated it as a default route in the split-tunnel ACL.

 

So the last entry in 'show crypto ipsec client ez' is:

Split Tunnel List: 7
       Address    : 0.0.0.0
       Mask       : 0.0.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
 
I have some faded memories from 10 years ago, when you could put anything in the split-tunnel ACL and it used 2 fields only: source IP/subnet and source mask. The rest could be almost anything, as that information was discarded.
 
I could not find information about any special ACL lines in the admin guides, the way the ASAs have some special ones.
I could not find a bug related to the above problem.
 
What is it? Bug? Feature?
 
Thanks in advance!
 
Peter
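
Added example, not part of the original post: with roughly 150 client routers, one way to find the affected ones is to parse the saved 'show crypto ipsec client ez' output and flag any split-tunnel entry of 0.0.0.0 / 0.0.0.0. The sample text follows the layout quoted above; entry 1 and its addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the 'show crypto ipsec client ez' excerpt
# quoted in the post; entry 1 and its addresses are made up for illustration.
SAMPLE_OUTPUT = """\
Split Tunnel List: 1
       Address    : 10.10.0.0
       Mask       : 255.255.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Split Tunnel List: 7
       Address    : 0.0.0.0
       Mask       : 0.0.0.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
"""

HEADER = re.compile(r"^\s*Split Tunnel List:\s*(\d+)\s*$")
FIELD = re.compile(r"^\s*(Address|Mask|Protocol|Source Port|Dest Port)\s*:\s*(\S+)\s*$")


def parse_split_tunnel(text):
    """Return one dict per 'Split Tunnel List' entry found in the text."""
    entries = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            entries.append({"index": int(header.group(1))})
            continue
        field = FIELD.match(line)
        if field and entries:
            # Attach the field to the most recent entry header.
            entries[-1][field.group(1)] = field.group(2)
    return entries


def default_route_entries(entries):
    """Indexes of entries with address and mask both 0.0.0.0 (the case in the post)."""
    return [e["index"] for e in entries
            if e.get("Address") == "0.0.0.0" and e.get("Mask") == "0.0.0.0"]


if __name__ == "__main__":
    for idx in default_route_entries(parse_split_tunnel(SAMPLE_OUTPUT)):
        print(f"split-tunnel entry {idx} is 0.0.0.0/0.0.0.0: client holds a default route")
```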