That's an issue that I have been facing. Just wanted to check if anyone is facing it.

With regards
Kings

On Mon, Feb 1, 2010 at 7:00 PM, Peter Debye <[email protected]> wrote:
> Sorry, I thought you were talking about EzVPN hardware client.
> (Usually, the cisco software IPSec client for PCs is called cisco unity
> vpn client, for historical reasons and to avoid confusion.)
>
> I've just checked the routing table on my PC (winXP) before and after
> establishing tunnel with ASA, the client version is 5.0.05.0290.
> No split-tunnel list is sent; and the pool is 172.29.3.10-172.29.4.255.
>
> Initial: default point to 192.168.1.1 - access-router IP. My IP=192.168.1.33
> C:\>netstat -r
> Tabla de rutas
> Rutas activas:
> Destino de red    Máscara de red    Puerta de acceso  Interfaz       Métrica
> 0.0.0.0           0.0.0.0           192.168.1.1       192.168.1.33   20
> 127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1      1
> 192.168.1.0       255.255.255.0     192.168.1.33      192.168.1.33   20
> 192.168.1.33      255.255.255.255   127.0.0.1         127.0.0.1      20
> 192.168.1.255     255.255.255.255   192.168.1.33      192.168.1.33   20
> 224.0.0.0         240.0.0.0         192.168.1.33      192.168.1.33   20
> 255.255.255.255   255.255.255.255   192.168.1.33      192.168.1.33   1
> 255.255.255.255   255.255.255.255   192.168.1.33      2              1
> Puerta de enlace predeterminada: 192.168.1.1
> =======================================================
>
> After tunnel establishment:
> I've got IP=172.29.3.15 from the pool;
> the default is set via that IP: 172.29.3.15;
> there's one more route: to gateway (ASA, 212.17....).
>
> C:\>netstat -r
> Tabla de rutas
> Rutas activas:
> Destino de red    Máscara de red    Puerta de acceso  Interfaz       Métrica
> 0.0.0.0           0.0.0.0           172.29.3.15       172.29.3.15    1
> 127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1      1
> 172.29.3.15       255.255.255.255   127.0.0.1         127.0.0.1      20
> 172.29.255.255    255.255.255.255   172.29.3.15       172.29.3.15    20
> 192.168.1.0       255.255.255.0     192.168.1.33      192.168.1.33   20
> 192.168.1.0       255.255.255.0     172.29.3.15       172.29.3.15    20
> 192.168.1.1       255.255.255.255   192.168.1.33      192.168.1.33   1
> 192.168.1.33      255.255.255.255   127.0.0.1         127.0.0.1      20
> 192.168.1.255     255.255.255.255   192.168.1.33      192.168.1.33   20
> 212.170.*.*       255.255.255.255   192.168.1.1       192.168.1.33   1
> 224.0.0.0         240.0.0.0         172.29.3.15       172.29.3.15    20
> 224.0.0.0         240.0.0.0         192.168.1.33      192.168.1.33   20
> 255.255.255.255   255.255.255.255   172.29.3.15       172.29.3.15    1
> 255.255.255.255   255.255.255.255   192.168.1.33      192.168.1.33   1
> 255.255.255.255   255.255.255.255   192.168.1.33      2              1
> Puerta de enlace predeterminada: 172.29.3.15
> =======================================================
>
> Well, I don't see any routes pointing to the first address of the pool.
> (by the way, how a client can have knowledge of the "first" address?)
>
> Or am I (again) missing something?
> ======================================
>
> On 1 February 2010 13:33, Kingsley Charles <[email protected]> wrote:
> > Peter
> >
> > With routers as client, we can manipulate the routes, no issues.
> >
> > But, with the PC VPN client, the route is installed automatically by the PC.
> >
> > For both the cases - split tunnel and tunnel all, a route will be added with
> > split tunnel network or default route respectively with next hop of the IP
> > address that has been leased to the PC.
> >
> > The behaviour, I see is that for tunnel all, the default route is with the
> > ".1" address of the address pool network.
> >
> > With regards
> > Kings
> >
> > On Mon, Feb 1, 2010 at 5:41 PM, Peter Debye <[email protected]> wrote:
> >>
> >> I advise you to use DVTI on the hw client; with that, and with no
> >> split tunnel-list received,
> >> the client sets the following static routes:
> >> - static to Servers' public address via wan interface (physical);
> >> - static default via DVTI.
> >> (tested with vers 12.4(24)T1 on 2811 and 804(39) on asa5510)
> >>
> >> ==========================
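
The comparison made in the thread (where the default route points before and after the tunnel comes up, and whether its next hop is the leased address) can be scripted. This is an added example, not code from any poster; the function names are hypothetical and the sample tables are constructed from the addresses quoted above.

```python
import ipaddress
import re

# One route row: destination, mask, gateway, interface, metric.
# Matching by shape skips headers in any locale (the quoted output is Spanish).
ROW = re.compile(r"^\s*((?:\d+\.){3}\d+)\s+((?:\d+\.){3}\d+)\s+((?:\d+\.){3}\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples from `netstat -r` text."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def default_route_mode(text, leased_ip):
    """Classify the lowest-metric default route relative to the leased tunnel IP."""
    defaults = [r for r in parse_routes(text) if r[0].prefixlen == 0]
    if not defaults:
        return "no default route"
    _, gw, iface, _ = min(defaults, key=lambda r: r[3])
    if iface != leased_ip:
        # Covers both "no tunnel" and split tunnel: default stays on the LAN.
        return "default route outside tunnel"
    if gw == leased_ip:
        return "tunnel-all, next hop is leased address"
    return f"tunnel-all, next hop is {gw}"

# Constructed samples, using the addresses from the thread.
BEFORE = """Rutas activas:
Destino de red  Máscara de red  Puerta de acceso  Interfaz  Métrica
0.0.0.0  0.0.0.0  192.168.1.1  192.168.1.33  20
192.168.1.0  255.255.255.0  192.168.1.33  192.168.1.33  20
"""
AFTER = """Rutas activas:
0.0.0.0  0.0.0.0  172.29.3.15  172.29.3.15  1
192.168.1.0  255.255.255.0  192.168.1.33  192.168.1.33  20
192.168.1.1  255.255.255.255  192.168.1.33  192.168.1.33  1
"""

if __name__ == "__main__":
    print(default_route_mode(BEFORE, "172.29.3.15"))
    print(default_route_mode(AFTER, "172.29.3.15"))
```

A next hop other than the leased address is reported with that address, which is the case described for tunnel-all in the earlier message.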
