ip local pool addr7 20.10.30.40-20.10.30.43

access-list split extended permit ip 20.10.30.0 255.255.255.0 any

group-policy king attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 address-pools value addr7

The split tunnel doesn't make a difference. Along with the route to the split
tunnel address, a route to the major network is added.

Irrespective of whether it is configured or not, the route for the major network
is installed.

Hence even with split tunnel, traffic to the major network is tunneled.


On Tue, Oct 5, 2010 at 6:59 PM, Sidney Spencer <[email protected]> wrote:

> What does your split tunnel ACL look like?  Can you post your config?
>
> On Tue, Oct 5, 2010 at 8:25 AM, Kingsley Charles <
> [email protected]> wrote:
>
>> Hi all
>>
>> I am observing an issue with VPN client. The client's version is 5.0.3. I
>> have configured an address pool on the ASA of addresses
>> 20.20.30.40-10.20.30.43. The client gets 20.10.30.40.
>> If I check the "route print" O/P of the client PC, I see that there is a
>> route added for the leased address's major network.
>>
>> If you look at the O/P below, there is a route for 20.0.0.0/8 with a next hop
>> of 20.10.30.40, which is the leased address. This is wrong as it will make all
>> traffic with destination of 20.0.0.0/24 move towards the Server.
>> If I am using just 20.10.30.0/24 behind the server and configure split
>> tunneling only for 20.10.30.0/24, still I see the route for the major
>> network.
>>
>>
>> Snippet of route print O/P
>>
>>        20.0.0.0        255.0.0.0      20.10.30.40     20.10.30.40     20
>>       20.10.30.40  255.255.255.255       127.0.0.1       127.0.0.1     20
>>
>>
>> I haven't seen this issue before.
>>
>> Any idea why it has changed, and the reason behind it?
>>
>>
>> I also observed the same issue with WebVPN Anyconnect.
>>
>> Why is a route installed for major network on the leased IP address?
>>
>>
>>
>> With regards
>> Kings
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>>
>
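
An added example, not part of the thread or any poster's code: a Python check that parses the client's `route print` rows and lists routes sent to the leased address that are wider than the split-tunnel list. The function names and the five-column IPv4 row layout (destination, netmask, gateway, interface, metric) are assumptions; the sample rows are the two quoted in the thread with the wrapped metric rejoined.

```python
import ipaddress

# Sample input: the two rows quoted in the thread, metric column rejoined.
ROUTE_PRINT = """\
       20.0.0.0        255.0.0.0      20.10.30.40     20.10.30.40     20
    20.10.30.40  255.255.255.255       127.0.0.1       127.0.0.1     20
"""


def parse_routes(text):
    """Yield (network, gateway) for each IPv4 row of 'route print' output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, persistent-route section
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
            gw = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # non-numeric row, e.g. a gateway shown as "On-link"
        yield net, gw


def over_tunneled(route_text, leased_ip, split_networks):
    """Return routes via the leased address that the split list does not cover."""
    leased = ipaddress.ip_address(leased_ip)
    allowed = [ipaddress.ip_network(n) for n in split_networks]
    findings = []
    for net, gw in parse_routes(route_text):
        if gw != leased:
            continue  # not routed into the tunnel adapter
        if net.prefixlen == 32 or net.is_multicast:
            continue  # host, broadcast and multicast rows are interface-local
        if not any(net.subnet_of(a) for a in allowed):
            findings.append(str(net))
    return findings


if __name__ == "__main__":
    # Split list taken from the "split" ACL in the posted config.
    for route in over_tunneled(ROUTE_PRINT, "20.10.30.40", ["20.10.30.0/24"]):
        print("tunneled but outside split list:", route)
```

Rows whose gateway is not a numeric address are skipped, so output from clients that print "On-link" in the gateway column needs the interface column compared instead.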