Hello Marc:

> > > ip access-list extended DefaultrouteWithoutListedNetsTunnel
> > >  deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
> > >  permit ip any 10.2.60.0 0.0.0.255
> > >
> > > But packets to 192.168.8.1 still go out through the tunnel.
> > >
> >
> > According to your first configuration email the ACL you should use is
> > DefaultRouteTunnel, not DefaultrouteWithoutListedNetsTunnel.
>
> I have of course changed the acl statement.
>
> > If you change the client config to 'acl
> > DefaultrouteWithoutListedNetsTunnel' using your original parameters
> > you should be all set.
>
> NACK. Doesn't work.
>
If the clients are on 192.168.8.0/24 and the servers are on 10.2.60.0/24, try this:

ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 10.2.60.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip any any

Regards,

Mike
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
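
Added example, not part of the thread or of any poster's configuration: a small first-match evaluator run over the two ACLs quoted above, reporting which entry (if any) each test packet hits. The test packet addresses are constructed assumptions, and the code models only wildcard-mask matching and the implicit deny, not how the VPN feature maps permit/deny to tunnelled or untunnelled traffic.

```python
import ipaddress

ORIGINAL = """
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 192.168.8.0 0.0.0.255 10.2.60.0 0.0.0.255
 permit ip any 10.2.60.0 0.0.0.255
"""
SUGGESTED = """
ip access-list extended DefaultrouteWithoutListedNetsTunnel
 deny ip 10.2.60.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip any any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acl(text):
    """Return [(action, src_spec, dst_spec)]; a spec is (base, wildcard) as ints."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[0] not in ("permit", "deny"):
            continue  # skip the 'ip access-list extended ...' header
        rest, specs = tok[2:], []  # tok[1] is the protocol ("ip")
        while rest:
            if rest[0] == "any":
                specs.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:
                specs.append((_ip(rest[0]), _ip(rest[1])))
                rest = rest[2:]
        entries.append((tok[0], specs[0], specs[1]))
    return entries

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(text, src, dst):
    """First match wins. Returns (action, entry_number); entry None = implicit deny."""
    for n, (action, s, d) in enumerate(parse_acl(text), start=1):
        if _hit(src, s) and _hit(dst, d):
            return action, n
    return "deny", None

# Constructed test packets (src, dst); these addresses are assumptions.
PACKETS = [("10.2.60.5", "192.168.8.1"), ("192.168.8.50", "10.2.60.10"),
           ("10.2.60.5", "198.51.100.7")]

if __name__ == "__main__":
    for src, dst in PACKETS:
        print(src, "->", dst, evaluate(ORIGINAL, src, dst), evaluate(SUGGESTED, src, dst))
```

With the first ACL, a packet from 10.2.60.5 to 192.168.8.1 matches no explicit entry at all; with the second it hits the deny on entry 1, because source and destination are swapped.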