On Thu, Aug 28, 2008 at 11:30:29AM -0700, Michael K. Smith - Adhost wrote: > Hello Marc: > > > > > > > ip access-list extended DefaultrouteTunnel > > > permit x.x.x.x 0.0.0.255 10.100.100.0 0.0.0.255 > > > permit y.y.y.y 0.0.0.255 10.100.100.0 0.0.0.255 > > > > So that would be > > > > ip access-list extended DefaultrouteWithoutListedNetsTunnel > > deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255 > > permit ip any 10.2.60.0 0.0.0.255 > > > > But packets to 192.168.8.1 still go out through the tunnel. > > > > According to your first configuration email the ACL you should use is > DefaultRouteTunnel, not DefaultrouteWithoutListedNetsTunnel.
I have of course changed the acl statement. > If you change the client config to 'acl > DefaultrouteWithoutListedNetsTunnel' using your original parameters > you should be all set. NACK. Doesn't work. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/