Sorry, I thought you were talking about the EzVPN hardware client.
(Usually, the Cisco software IPsec client for PCs is called the Cisco Unity
VPN client, for historical reasons and to avoid confusion.)
I've just checked the routing table on my PC (WinXP) before and after
establishing the tunnel with the ASA; the client version is 5.0.05.0290.
No split-tunnel list is sent, and the pool is 172.29.3.10-172.29.4.255.
Initial: the default points to 192.168.1.1, the access router's IP. My IP=192.168.1.33
C:\>netstat -r
Tabla de rutas
Rutas activas:
Destino de red Máscara de red Puerta de acceso Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.33 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.33 192.168.1.33 20
192.168.1.33 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.33 192.168.1.33 20
224.0.0.0 240.0.0.0 192.168.1.33 192.168.1.33 20
255.255.255.255 255.255.255.255 192.168.1.33 192.168.1.33 1
255.255.255.255 255.255.255.255 192.168.1.33 2 1
Puerta de enlace predeterminada: 192.168.1.1
=======================================================
After tunnel establishment:
I've got IP=172.29.3.15 from the pool;
the default is set via that IP: 172.29.3.15;
there's one more route: to gateway (ASA, 212.17....).
C:\>netstat -r
Tabla de rutas
Rutas activas:
Destino de red Máscara de red Puerta de acceso Interfaz Métrica
0.0.0.0 0.0.0.0 172.29.3.15 172.29.3.15 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.29.3.15 255.255.255.255 127.0.0.1 127.0.0.1 20
172.29.255.255 255.255.255.255 172.29.3.15 172.29.3.15 20
192.168.1.0 255.255.255.0 192.168.1.33 192.168.1.33 20
192.168.1.0 255.255.255.0 172.29.3.15 172.29.3.15 20
192.168.1.1 255.255.255.255 192.168.1.33 192.168.1.33 1
192.168.1.33 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.33 192.168.1.33 20
212.170.*.* 255.255.255.255 192.168.1.1 192.168.1.33 1
224.0.0.0 240.0.0.0 172.29.3.15 172.29.3.15 20
224.0.0.0 240.0.0.0 192.168.1.33 192.168.1.33 20
255.255.255.255 255.255.255.255 172.29.3.15 172.29.3.15 1
255.255.255.255 255.255.255.255 192.168.1.33 192.168.1.33 1
255.255.255.255 255.255.255.255 192.168.1.33 2 1
Puerta de enlace predeterminada: 172.29.3.15
=======================================================
Well, I don't see any routes pointing to the first address of the pool.
(By the way, how can a client have knowledge of the "first" address?)
Or am I (again) missing something?
======================================
On 1 February 2010 13:33, Kingsley Charles <[email protected]> wrote:
> Peter
>
> With routers as client, we can manipulate the routes, no issues.
>
> But, with the PC VPN client, the route is installed automatically by the
> PC.
>
> For both the cases - split tunnel and tunnel all, a route will be added with
> split tunnel network or default route respectively with next hop of the IP
> address that has been leased to the PC.
>
> The behaviour I see is that for tunnel all, the default route is with the
> ".1" address of the address pool network.
>
> With regards
> Kings
>
> On Mon, Feb 1, 2010 at 5:41 PM, Peter Debye <[email protected]> wrote:
>>
>> I advise you to use DVTI on the hw client; with that, and with no
>> split tunnel-list received,
>> the client sets the following static routes:
>> - static to Servers' public address via wan interface (physical);
>> - static default via DVTI.
>> (tested with vers 12.4(24)T1 on 2811 and 804(39) on asa5510)
>>
>> ==========================
>
>
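An added example, not part of the original thread: a Python check that compares the two `netstat -r` tables from the reply above and reports whether the client is in tunnel-all mode, which next hop the default route uses, and which routes added by the client still leave through the physical interface. The rows are a constructed subset of those tables, `203.0.113.10` is a placeholder for the masked ASA address, and the function names and the split-tunnel heuristic are assumptions.

```python
import ipaddress

# Address pool stated in the message: 172.29.3.10-172.29.4.255
POOL = (ipaddress.IPv4Address("172.29.3.10"), ipaddress.IPv4Address("172.29.4.255"))

# Constructed samples: rows taken from the two tables in the message; the masked
# ASA address is replaced by the documentation placeholder 203.0.113.10.
BEFORE = """Rutas activas:
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.33 20
192.168.1.0 255.255.255.0 192.168.1.33 192.168.1.33 20
Puerta de enlace predeterminada: 192.168.1.1"""
AFTER = """Rutas activas:
0.0.0.0 0.0.0.0 172.29.3.15 172.29.3.15 1
192.168.1.0 255.255.255.0 192.168.1.33 192.168.1.33 20
192.168.1.0 255.255.255.0 172.29.3.15 172.29.3.15 20
192.168.1.1 255.255.255.255 192.168.1.33 192.168.1.33 1
203.0.113.10 255.255.255.255 192.168.1.1 192.168.1.33 1
Puerta de enlace predeterminada: 172.29.3.15"""

def in_pool(addr):
    return POOL[0] <= addr <= POOL[1]

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each parsable row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            net = ipaddress.IPv4Network(f"{f[0]}/{f[1]}")
            routes.append((net, ipaddress.IPv4Address(f[2]), f[3], int(f[4])))
        except (ValueError, IndexError):
            continue  # header, footer, or a row with a masked address
    return routes

def tunnel_report(before, after):
    old, new = parse_routes(before), parse_routes(after)
    defaults = [r for r in new if r[0].prefixlen == 0]
    if not defaults:
        return {"mode": "no-default", "default_next_hop": None,
                "next_hop_is_leased_address": False, "bypass": []}
    _, gw, iface, _ = min(defaults, key=lambda r: r[3])  # lowest metric wins
    if in_pool(gw):
        mode = "tunnel-all"
    elif any(in_pool(r[1]) for r in new):  # assumed heuristic for split tunnel
        mode = "split-tunnel"
    else:
        mode = "no-tunnel"
    # Routes added by the client whose next hop is outside the tunnel pool
    bypass = sorted(str(r[0]) for r in set(new) - set(old) if not in_pool(r[1]))
    return {"mode": mode, "default_next_hop": str(gw),
            "next_hop_is_leased_address": str(gw) == iface, "bypass": bypass}
```

Calling `tunnel_report(BEFORE, AFTER)` on the sample returns tunnel-all mode with the leased address as next hop, and lists the host routes to the access router and the VPN gateway as the only added routes that bypass the tunnel.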