hmmm, I see /24 mask under 77.77.77.1 IP address. there is no default gateway as you can't have two interfaces with default gateway configured on windows machine. instead, cisco client installs something called Deterministic Network Enhancer which basically intercepts user traffic destined to the VPN tunnel.
Regards, Piotr 2011/6/27 Serious CCIE <[email protected]> > Hi Poitr, > Labbed it up again..... same issue. > subnet mask 255.255.255.0 never get pushed to the client. > > Has anyone managed to get this before? does it work at all, I really never > tried to pin point this one! > > > > Windows 2000 IP Configuration > > Ethernet adapter Local Area Connection 5: > > Connection-specific DNS Suffix . : > IP Address. . . . . . . . . . . . : 77.77.77.1 <-- address from EasyVPN > server pool > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : > <---------BLANK , never get anything here but everything works > > Ethernet adapter eth0: > > Connection-specific DNS Suffix . : > IP Address. . . . . . . . . . . . : 55.55.4.111 <--- local address > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 55.55.4.1 > =========================================================================== > Interface List > 0x1 ........................... MS TCP Loopback interface > 0x1000003 ...00 0c 29 a5 aa 2c ...... VMware Accelerated AMD PCNet Adapter > 0x1000004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter > =========================================================================== > =========================================================================== > Active Routes: > Network Destination Netmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 55.55.4.1 55.55.4.111 1 > 55.55.4.0 255.255.255.0 55.55.4.111 55.55.4.111 10 > 55.55.4.111 255.255.255.255 127.0.0.1 127.0.0.1 10 > 55.55.6.2 255.255.255.255 55.55.4.1 55.55.4.111 1 > 55.55.18.0 255.255.255.0 77.77.77.2 77.77.77.1 1 > 55.55.19.0 255.255.255.0 77.77.77.2 77.77.77.1 1 > 49.255.255.255 255.255.255.255 55.55.4.111 55.55.4.111 10 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 > 77.77.77.0 255.255.255.0 77.77.77.1 77.77.77.1 1 > 77.77.77.1 255.255.255.255 127.0.0.1 127.0.0.1 1 > 77.77.77.255 255.255.255.255 77.77.77.1 77.77.77.1 1 > 224.0.0.0 224.0.0.0 55.55.4.111 55.55.4.111 10 > 224.0.0.0 224.0.0.0 77.77.77.1 77.77.77.1 1 > 255.255.255.255 255.255.255.255 55.55.4.111 55.55.4.111 1 > Default Gateway: 55.55.4.1 > =========================================================================== > Persistent Routes: > None > > > > > On Sun, Jun 26, 2011 at 9:57 PM, Serious CCIE <[email protected]>wrote: > >> don't have handy yet but it looks normal. as u've noticed in the >> configuration example , there is also a split tunneling so in route print i >> see split-tunnel too. >> >> >> >> On Sun, Jun 26, 2011 at 9:49 PM, Piotr Matusiak <[email protected]> wrote: >> >>> can you paste "route print " command output on windows host after vpn >>> client connection? >>> >>> >>> >>> 2011/6/26 Serious CCIE <[email protected]> >>> >>>> Hi Piotr, thanks. >>>> >>>> The configuration is the same as COPY & paste of below link: >>>> >>>> >>>> http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/ezvpn_ps5855_TSD_Products_Configuration_Guide_Chapter.html#wp1050158 >>>> >>>> >>>> the only changes that I made to this - added subnet mask command to >>>> below config >>>> >>>> crypto isakmp client configuration group VPN1 >>>> >>>> acl SPLIT_T >>>> >>>> ip access-list extended SPLIT_T >>>> >>>> permit ip 192.168.0.0 0.0.255.255 any >>>> >>>> key cisco123 >>>> >>>> dns 192.168.168.183 192.168.226.120 >>>> >>>> wins 192.168.179.89 192.168.2.87 >>>> >>>> domain cisco.com >>>> >>>> pool VPN-POOL >>>> >>>> save-password >>>> >>>> >>>> >>>> On Sun, Jun 26, 2011 at 1:26 AM, Piotr Matusiak <[email protected]> wrote: >>>> >>>>> can you paste your config and related commands output? >>>>> >>>>> in general to make it work on IOS you must use "netmask" command and to >>>>> make it work on ASA you must add netmask to "ip local pool" command. >>>>> >>>>> Regards, >>>>> Piotr >>>>> >>>>> >>>>> 2011/6/25 Serious CCIE <[email protected]> >>>>> >>>>>> Hi Everyone - thanks for the replies... >>>>>> I was trying to do it on ASA. >>>>>> >>>>>> @ Piotr - I've tried that but I was still getting /32 - any idea? >>>>>> >>>>>> >>>>>> "I have tried putting subnet mask in client config on Server but still >>>>>> I get /32 bit subnet mask." >>>>>> >>>>>> >>>>>> On Fri, Jun 24, 2011 at 2:35 AM, Piotr Matusiak <[email protected]>wrote: >>>>>> >>>>>>> if this is IOS then under group configuration there is "netmask" >>>>>>> command. >>>>>>> >>>>>>> Regards, >>>>>>> Piotr >>>>>>> >>>>>>> >>>>>>> 2011/6/23 Serious CCIE <[email protected]> >>>>>>> >>>>>>>> VPN-SERVER-------------Internet---------VPN-CLIENT >>>>>>>> >>>>>>>> Is it possible when client get's an IP address from the POOL1 have >>>>>>>> a subnet mask of 255.255.255.0 for example? >>>>>>>> >>>>>>>> In most cases when client dials into the server it gets an IP >>>>>>>> address and the default subnet mask of /32 ( >>>>>>>> 192.159.1.39/255.255.255.255) >>>>>>>> >>>>>>>> I have tried putting subnet mask in client config on Server but >>>>>>>> still I get /32 bit subnet mask. >>>>>>>> >>>>>>>> thanks >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> For more information regarding industry leading CCIE Lab training, >>>>>>>> please visit www.ipexpert.com >>>>>>>> >>>>>>>> Are you a CCNP or CCIE and looking for a job? Check out >>>>>>>> www.PlatinumPlacement.com >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
