11-19-2013 05:55 AM
Hello,
We have a customer with a Cisco 1841 router which is also used for remote access VPN.
The config is like this:
crypto isakmp client configuration group VPNaccess
 key xxxxx
 dns 192.168.169.1
 domain xxxx.local
 pool vpnpool
 acl split-acl
 include-local-lan
!
ip access-list extended split-acl
 permit ip 192.168.169.0 0.0.0.255 any
!
ip local pool vpnpool 172.18.19.1 172.18.19.254
Now, people can reach servers on the 192.168.169.0 subnet, but behind 192.168.169.250 there is a subnet with range 172.16.169.0/24 which we want to reach via VPN. I believe this needs to be done by configuring reverse route injection? But how do I configure this for VPN remote access client tunnels?
The 1841 runs software 12.4.
Thank you for your help.
Kind regards,
Ralph Willemsen
Arnhem, Netherlands
11-20-2013 12:03 AM
Ralph,
RRI inserts routes for remote subnets on the router; in the case of EzVPN, the remote subnet is the client-assigned IP address.
What you're looking for is to change your split tunneling ACL, i.e. add a new entry.
M.
11-21-2013 05:57 AM
Hello,
Thank you for your answer. The ACL in the client VPN config (split-acl) permits access to all networks.
What I noticed was that the 3rd party didn't have the L3 switch configured as gateway, so packets couldn't travel back. That's all.
Thanks for your help anyway, really appreciate this.
Kind regards,
Ralph
11-20-2013 01:06 PM
Hello Ralph
I had the same "problem" a few weeks ago, and finally I fixed it.
Have a look at -- http://www.klick.us/?page_id=611 --
I wrote documentation about how it works for my company.
I fixed this with ACLs.
11-21-2013 05:57 AM
Thank you, I solved it, see my reply above.
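The two changes discussed in this thread, as an added IOS configuration sketch that is not from any of the posters: a split-tunnel ACL entry for the second subnet, and the routing needed in both directions. The static routes and the placeholder `<1841-LAN-IP>` are assumptions; the page does not show the router's LAN address or its routing table.

```ios
! --- On the 1841 (VPN headend) ---
! In a split-tunnel ACL the "source" field is the protected network that
! the client will send through the tunnel. The existing entry only covers
! 192.168.169.0/24, so add the subnet behind 192.168.169.250.
ip access-list extended split-acl
 permit ip 192.168.169.0 0.0.0.255 any
 permit ip 172.16.169.0 0.0.0.255 any
!
! Assumption: the 1841 has no route to 172.16.169.0/24 yet.
! Forward path towards the inner subnet via the next hop named in the thread.
ip route 172.16.169.0 255.255.255.0 192.168.169.250
!
! --- On the device at 192.168.169.250 (assumed to accept IOS-style syntax) ---
! Return path: replies to the VPN pool (172.18.19.1 - 172.18.19.254) must
! come back to the 1841. Only needed if its default route points elsewhere.
! <1841-LAN-IP> is a placeholder for the router's 192.168.169.x address.
ip route 172.18.19.0 255.255.255.0 <1841-LAN-IP>
!
! --- On hosts in 172.16.169.0/24 ---
! Their default gateway must be the L3 device that knows the route above;
! otherwise replies to 172.18.19.x never reach the tunnel.
!
! --- Verification on the 1841 (exec mode) ---
! show ip access-lists split-acl
! show ip route 172.16.169.0
! show crypto ipsec sa
```

In `show crypto ipsec sa`, encapsulated packets increasing while decapsulated packets stay flat for a connected client points at the return path rather than the ACL. Connected clients must reconnect to receive the updated split-tunnel list.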