*nix machine? there is no Cisco IPSec client for other OS than Windows.

2011/6/27 Serious CCIE <[email protected]>

> Thanks Piotr! tried on *nix machine - same! can't get /24
> One other thing i can think of is that if i remove the split tunneling then
> it might show up subnet mask + gw.
>
> Will post here the results tomorrow.
>
> Bruno - if you're awake - can you test without split-tunneling?
>
> On Mon, Jun 27, 2011 at 11:35 PM, Piotr Matusiak <[email protected]> wrote:
>
>> hmmm, I see /24 mask under 77.77.77.1 IP address.
>> there is no default gateway as you can't have two interfaces with default
>> gateway configured on windows machine.
>> instead, cisco client installs something called Deterministic Network
>> Enhancer which basically intercepts user traffic destined to the VPN tunnel.
>>
>> Regards,
>> Piotr
>>
>> 2011/6/27 Serious CCIE <[email protected]>
>>
>>> Hi Piotr,
>>> Labbed it up again..... same issue.
>>> subnet mask 255.255.255.0 never get pushed to the client.
>>>
>>> Has anyone managed to get this before? does it work at all, I really
>>> never tried to pinpoint this one!
>>>
>>> Windows 2000 IP Configuration
>>>
>>> Ethernet adapter Local Area Connection 5:
>>>
>>>    Connection-specific DNS Suffix . :
>>>    IP Address. . . . . . . . . . . . : 77.77.77.1   <-- address from EasyVPN server pool
>>>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>    Default Gateway . . . . . . . . . :              <---------BLANK , never get anything here but everything works
>>>
>>> Ethernet adapter eth0:
>>>
>>>    Connection-specific DNS Suffix . :
>>>    IP Address. . . . . . . . . . . . : 55.55.4.111  <--- local address
>>>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>    Default Gateway . . . . . . . . . : 55.55.4.1
>>>
>>> ===========================================================================
>>> Interface List
>>> 0x1 ........................... MS TCP Loopback interface
>>> 0x1000003 ...00 0c 29 a5 aa 2c ...... VMware Accelerated AMD PCNet Adapter
>>> 0x1000004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter
>>> ===========================================================================
>>> ===========================================================================
>>> Active Routes:
>>> Network Destination        Netmask          Gateway       Interface  Metric
>>>           0.0.0.0          0.0.0.0        55.55.4.1     55.55.4.111       1
>>>         55.55.4.0    255.255.255.0      55.55.4.111     55.55.4.111      10
>>>       55.55.4.111  255.255.255.255        127.0.0.1       127.0.0.1      10
>>>         55.55.6.2  255.255.255.255        55.55.4.1     55.55.4.111       1
>>>        55.55.18.0    255.255.255.0       77.77.77.2      77.77.77.1       1
>>>        55.55.19.0    255.255.255.0       77.77.77.2      77.77.77.1       1
>>>    49.255.255.255  255.255.255.255      55.55.4.111     55.55.4.111      10
>>>         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
>>>        77.77.77.0    255.255.255.0       77.77.77.1      77.77.77.1       1
>>>        77.77.77.1  255.255.255.255        127.0.0.1       127.0.0.1       1
>>>      77.77.77.255  255.255.255.255       77.77.77.1      77.77.77.1       1
>>>         224.0.0.0        224.0.0.0      55.55.4.111     55.55.4.111      10
>>>         224.0.0.0        224.0.0.0       77.77.77.1      77.77.77.1       1
>>>   255.255.255.255  255.255.255.255      55.55.4.111     55.55.4.111       1
>>> Default Gateway:         55.55.4.1
>>> ===========================================================================
>>> Persistent Routes:
>>>   None
>>>
>>> On Sun, Jun 26, 2011 at 9:57 PM, Serious CCIE <[email protected]> wrote:
>>>
>>>> don't have handy yet but it looks normal. as u've noticed in the
>>>> configuration example , there is also a split tunneling so in route print i
>>>> see split-tunnel too.
>>>>
>>>> On Sun, Jun 26, 2011 at 9:49 PM, Piotr Matusiak <[email protected]> wrote:
>>>>
>>>>> can you paste "route print " command output on windows host after vpn
>>>>> client connection?
>>>>>
>>>>> 2011/6/26 Serious CCIE <[email protected]>
>>>>>
>>>>>> Hi Piotr, thanks.
>>>>>>
>>>>>> The configuration is the same as COPY & paste of below link:
>>>>>>
>>>>>> http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/ezvpn_ps5855_TSD_Products_Configuration_Guide_Chapter.html#wp1050158
>>>>>>
>>>>>> the only changes that I made to this - added subnet mask command to
>>>>>> below config
>>>>>>
>>>>>> crypto isakmp client configuration group VPN1
>>>>>> acl SPLIT_T
>>>>>> ip access-list extended SPLIT_T
>>>>>> permit ip 192.168.0.0 0.0.255.255 any
>>>>>> key cisco123
>>>>>> dns 192.168.168.183 192.168.226.120
>>>>>> wins 192.168.179.89 192.168.2.87
>>>>>> domain cisco.com
>>>>>> pool VPN-POOL
>>>>>> save-password
>>>>>>
>>>>>> On Sun, Jun 26, 2011 at 1:26 AM, Piotr Matusiak <[email protected]> wrote:
>>>>>>
>>>>>>> can you paste your config and related commands output?
>>>>>>>
>>>>>>> in general to make it work on IOS you must use "netmask" command and
>>>>>>> to make it work on ASA you must add netmask to "ip local pool" command.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Piotr
>>>>>>>
>>>>>>> 2011/6/25 Serious CCIE <[email protected]>
>>>>>>>
>>>>>>>> Hi Everyone - thanks for the replies...
>>>>>>>> I was trying to do it on ASA.
>>>>>>>>
>>>>>>>> @ Piotr - I've tried that but I was still getting /32 - any idea?
>>>>>>>>
>>>>>>>> "I have tried putting subnet mask in client config on Server but
>>>>>>>> still I get /32 bit subnet mask."
>>>>>>>>
>>>>>>>> On Fri, Jun 24, 2011 at 2:35 AM, Piotr Matusiak <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> if this is IOS then under group configuration there is "netmask"
>>>>>>>>> command.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Piotr
>>>>>>>>>
>>>>>>>>> 2011/6/23 Serious CCIE <[email protected]>
>>>>>>>>>
>>>>>>>>>> VPN-SERVER-------------Internet---------VPN-CLIENT
>>>>>>>>>>
>>>>>>>>>> Is it possible when client gets an IP address from the POOL1
>>>>>>>>>> have a subnet mask of 255.255.255.0 for example?
>>>>>>>>>>
>>>>>>>>>> In most cases when client dials into the server it gets an IP
>>>>>>>>>> address and the default subnet mask of /32
>>>>>>>>>> (192.159.1.39/255.255.255.255)
>>>>>>>>>>
>>>>>>>>>> I have tried putting subnet mask in client config on Server but
>>>>>>>>>> still I get /32 bit subnet mask.
>>>>>>>>>>
>>>>>>>>>> thanks
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> For more information regarding industry leading CCIE Lab training,
>>>>>>>>>> please visit www.ipexpert.com
>>>>>>>>>>
>>>>>>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>>>>>>> www.PlatinumPlacement.com
