The Cisco VPN client works on mac as well (and linux), and if I remember correctly, even the 4.0 version was compatilble with the 1.1 on windows..
So IPSec works for years on mac, solaris and linux: http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html PJ On 27 jun 2011, at 17:43, Piotr Matusiak wrote: > *nix machine? there is no Cisco IPSec client for other OS than Windows. > > > 2011/6/27 Serious CCIE <[email protected]> > Thanks Poitr! tried on *nix machine - same! can't get /24 > One other thing i can think of is that if i remove the split tunneling then > it might show up subnet mask + gw. > > Will post here the results tomorrow. > > Bruno - if you're awake - can you test without split-tunneling? > > On Mon, Jun 27, 2011 at 11:35 PM, Piotr Matusiak <[email protected]> wrote: > hmmm, I see /24 mask under 77.77.77.1 IP address. > there is no default gateway as you can't have two interfaces with default > gateway configured on windows machine. > instead, cisco client installs something called Deterministic Network > Enhancer which basically intercepts user traffic destined to the VPN tunnel. > > Regards, > Piotr > > > > 2011/6/27 Serious CCIE <[email protected]> > Hi Poitr, > Labbed it up again..... same issue. > subnet mask 255.255.255.0 never get pushed to the client. > > Has anyone managed to get this before? does it work at all, I really never > tried to pin point this one! > > > > Windows 2000 IP Configuration > > Ethernet adapter Local Area Connection 5: > > Connection-specific DNS Suffix . : > IP Address. . . . . . . . . . . . : 77.77.77.1 <-- address from EasyVPN > server pool > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : <---------BLANK > , never get anything here but everything works > > Ethernet adapter eth0: > > Connection-specific DNS Suffix . : > IP Address. . . . . . . . . . . . : 55.55.4.111 <--- local address > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 55.55.4.1 > =========================================================================== > Interface List > 0x1 ........................... MS TCP Loopback interface > 0x1000003 ...00 0c 29 a5 aa 2c ...... VMware Accelerated AMD PCNet Adapter > 0x1000004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter > =========================================================================== > =========================================================================== > Active Routes: > Network Destination Netmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 55.55.4.1 55.55.4.111 1 > 55.55.4.0 255.255.255.0 55.55.4.111 55.55.4.111 10 > 55.55.4.111 255.255.255.255 127.0.0.1 127.0.0.1 10 > 55.55.6.2 255.255.255.255 55.55.4.1 55.55.4.111 1 > 55.55.18.0 255.255.255.0 77.77.77.2 77.77.77.1 1 > 55.55.19.0 255.255.255.0 77.77.77.2 77.77.77.1 1 > 49.255.255.255 255.255.255.255 55.55.4.111 55.55.4.111 10 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 > 77.77.77.0 255.255.255.0 77.77.77.1 77.77.77.1 1 > 77.77.77.1 255.255.255.255 127.0.0.1 127.0.0.1 1 > 77.77.77.255 255.255.255.255 77.77.77.1 77.77.77.1 1 > 224.0.0.0 224.0.0.0 55.55.4.111 55.55.4.111 10 > 224.0.0.0 224.0.0.0 77.77.77.1 77.77.77.1 1 > 255.255.255.255 255.255.255.255 55.55.4.111 55.55.4.111 1 > Default Gateway: 55.55.4.1 > =========================================================================== > Persistent Routes: > None > > > > > On Sun, Jun 26, 2011 at 9:57 PM, Serious CCIE <[email protected]> wrote: > don't have handy yet but it looks normal. as u've noticed in the > configuration example , there is also a split tunneling so in route print i > see split-tunnel too. > > > > On Sun, Jun 26, 2011 at 9:49 PM, Piotr Matusiak <[email protected]> wrote: > can you paste "route print " command output on windows host after vpn client > connection? > > > > 2011/6/26 Serious CCIE <[email protected]> > Hi Piotr, thanks. > > The configuration is the same as COPY & paste of below link: > > http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/ezvpn_ps5855_TSD_Products_Configuration_Guide_Chapter.html#wp1050158 > > > the only changes that I made to this - added subnet mask command to below > config > crypto isakmp client configuration group VPN1 > acl SPLIT_T > ip access-list extended SPLIT_T > permit ip 192.168.0.0 0.0.255.255 any > key cisco123 > dns 192.168.168.183 192.168.226.120 > wins 192.168.179.89 192.168.2.87 > domain cisco.com > pool VPN-POOL > save-password > > > > On Sun, Jun 26, 2011 at 1:26 AM, Piotr Matusiak <[email protected]> wrote: > can you paste your config and related commands output? > > in general to make it work on IOS you must use "netmask" command and to make > it work on ASA you must add netmask to "ip local pool" command. > > Regards, > Piotr > > > 2011/6/25 Serious CCIE <[email protected]> > Hi Everyone - thanks for the replies... > I was trying to do it on ASA. > > @ Piotr - I've tried that but I was still getting /32 - any idea? > > > "I have tried putting subnet mask in client config on Server but still I get > /32 bit subnet mask." > > > On Fri, Jun 24, 2011 at 2:35 AM, Piotr Matusiak <[email protected]> wrote: > if this is IOS then under group configuration there is "netmask" command. > > Regards, > Piotr > > > 2011/6/23 Serious CCIE <[email protected]> > VPN-SERVER-------------Internet---------VPN-CLIENT > > Is it possible when client get's an IP address from the POOL1 have a subnet > mask of 255.255.255.0 for example? > > In most cases when client dials into the server it gets an IP address and the > default subnet mask of /32 (192.159.1.39/255.255.255.255) > > I have tried putting subnet mask in client config on Server but still I get > /32 bit subnet mask. > > thanks > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 88 633 5300 Fax: +31 88 633 5399 Direct: +31 88 633 5304 Email: [email protected] Web: http://www.nefkensadvies.nl/
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
