Hehe, I forgot that there was a client which supports that. I'm using v5.0 for 3-4 years now and there is no v5.0 for other OSes.
2011/6/27 Pieter-Jan Nefkens <[email protected]> > > The Cisco VPN client works on mac as well (and linux), and if I remember > correctly, even the 4.0 version was compatilble with the 1.1 on windows.. > > So IPSec works for years on mac, solaris and linux: > > > http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html > > PJ > > > On 27 jun 2011, at 17:43, Piotr Matusiak wrote: > > *nix machine? there is no Cisco IPSec client for other OS than Windows. > > > 2011/6/27 Serious CCIE <[email protected]> > >> Thanks Poitr! tried on *nix machine - same! can't get /24 >> One other thing i can think of is that if i remove the split tunneling >> then it might show up subnet mask + gw. >> >> Will post here the results tomorrow. >> >> Bruno - if you're awake - can you test without split-tunneling? >> >> On Mon, Jun 27, 2011 at 11:35 PM, Piotr Matusiak <[email protected]> wrote: >> >>> hmmm, I see /24 mask under 77.77.77.1 IP address. >>> there is no default gateway as you can't have two interfaces with default >>> gateway configured on windows machine. >>> instead, cisco client installs something called Deterministic Network >>> Enhancer which basically intercepts user traffic destined to the VPN tunnel. >>> >>> Regards, >>> Piotr >>> >>> >>> >>> 2011/6/27 Serious CCIE <[email protected]> >>> >>>> Hi Poitr, >>>> Labbed it up again..... same issue. >>>> subnet mask 255.255.255.0 never get pushed to the client. >>>> >>>> Has anyone managed to get this before? does it work at all, I really >>>> never tried to pin point this one! >>>> >>>> >>>> >>>> Windows 2000 IP Configuration >>>> >>>> Ethernet adapter Local Area Connection 5: >>>> >>>> Connection-specific DNS Suffix . : >>>> IP Address. . . . . . . . . . . . : 77.77.77.1 <-- address from >>>> EasyVPN server pool >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>> Default Gateway . . . . . . . . . : >>>> <---------BLANK , never get anything here but everything works >>>> >>>> Ethernet adapter eth0: >>>> >>>> Connection-specific DNS Suffix . : >>>> IP Address. . . . . . . . . . . . : 55.55.4.111 <--- local address >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>> Default Gateway . . . . . . . . . : 55.55.4.1 >>>> >>>> =========================================================================== >>>> Interface List >>>> 0x1 ........................... MS TCP Loopback interface >>>> 0x1000003 ...00 0c 29 a5 aa 2c ...... VMware Accelerated AMD PCNet >>>> Adapter >>>> 0x1000004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter >>>> >>>> =========================================================================== >>>> >>>> =========================================================================== >>>> Active Routes: >>>> Network Destination Netmask Gateway Interface >>>> Metric >>>> 0.0.0.0 0.0.0.0 55.55.4.1 55.55.4.111 >>>> 1 >>>> 55.55.4.0 255.255.255.0 55.55.4.111 55.55.4.111 >>>> 10 >>>> 55.55.4.111 255.255.255.255 127.0.0.1 127.0.0.1 >>>> 10 >>>> 55.55.6.2 255.255.255.255 55.55.4.1 55.55.4.111 >>>> 1 >>>> 55.55.18.0 255.255.255.0 77.77.77.2 77.77.77.1 1 >>>> 55.55.19.0 255.255.255.0 77.77.77.2 77.77.77.1 1 >>>> 49.255.255.255 255.255.255.255 55.55.4.111 55.55.4.111 >>>> 10 >>>> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 >>>> 1 >>>> 77.77.77.0 255.255.255.0 77.77.77.1 77.77.77.1 1 >>>> 77.77.77.1 255.255.255.255 127.0.0.1 127.0.0.1 >>>> 1 >>>> 77.77.77.255 255.255.255.255 77.77.77.1 77.77.77.1 1 >>>> 224.0.0.0 224.0.0.0 55.55.4.111 55.55.4.111 >>>> 10 >>>> 224.0.0.0 224.0.0.0 77.77.77.1 77.77.77.1 1 >>>> 255.255.255.255 255.255.255.255 55.55.4.111 55.55.4.111 >>>> 1 >>>> Default Gateway: 55.55.4.1 >>>> >>>> =========================================================================== >>>> Persistent Routes: >>>> None >>>> >>>> >>>> >>>> >>>> On Sun, Jun 26, 2011 at 9:57 PM, Serious CCIE <[email protected]>wrote: >>>> >>>>> don't have handy yet but it looks normal. as u've noticed in the >>>>> configuration example , there is also a split tunneling so in route print >>>>> i >>>>> see split-tunnel too. >>>>> >>>>> >>>>> >>>>> On Sun, Jun 26, 2011 at 9:49 PM, Piotr Matusiak <[email protected]>wrote: >>>>> >>>>>> can you paste "route print " command output on windows host after vpn >>>>>> client connection? >>>>>> >>>>>> >>>>>> >>>>>> 2011/6/26 Serious CCIE <[email protected]> >>>>>> >>>>>>> Hi Piotr, thanks. >>>>>>> >>>>>>> The configuration is the same as COPY & paste of below link: >>>>>>> >>>>>>> >>>>>>> http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/ezvpn_ps5855_TSD_Products_Configuration_Guide_Chapter.html#wp1050158 >>>>>>> >>>>>>> >>>>>>> the only changes that I made to this - added subnet mask command to >>>>>>> below config >>>>>>> >>>>>>> crypto isakmp client configuration group VPN1 >>>>>>> >>>>>>> acl SPLIT_T >>>>>>> >>>>>>> ip access-list extended SPLIT_T >>>>>>> >>>>>>> permit ip 192.168.0.0 0.0.255.255 any >>>>>>> >>>>>>> key cisco123 >>>>>>> >>>>>>> dns 192.168.168.183 192.168.226.120 >>>>>>> >>>>>>> wins 192.168.179.89 192.168.2.87 >>>>>>> >>>>>>> domain cisco.com >>>>>>> >>>>>>> pool VPN-POOL >>>>>>> >>>>>>> save-password >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Sun, Jun 26, 2011 at 1:26 AM, Piotr Matusiak <[email protected]>wrote: >>>>>>> >>>>>>>> can you paste your config and related commands output? >>>>>>>> >>>>>>>> in general to make it work on IOS you must use "netmask" command and >>>>>>>> to make it work on ASA you must add netmask to "ip local pool" command. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Piotr >>>>>>>> >>>>>>>> >>>>>>>> 2011/6/25 Serious CCIE <[email protected]> >>>>>>>> >>>>>>>>> Hi Everyone - thanks for the replies... >>>>>>>>> I was trying to do it on ASA. >>>>>>>>> >>>>>>>>> @ Piotr - I've tried that but I was still getting /32 - any idea? >>>>>>>>> >>>>>>>>> >>>>>>>>> "I have tried putting subnet mask in client config on Server but >>>>>>>>> still I get /32 bit subnet mask." >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Jun 24, 2011 at 2:35 AM, Piotr Matusiak <[email protected]>wrote: >>>>>>>>> >>>>>>>>>> if this is IOS then under group configuration there is "netmask" >>>>>>>>>> command. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Piotr >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 2011/6/23 Serious CCIE <[email protected]> >>>>>>>>>> >>>>>>>>>>> VPN-SERVER-------------Internet---------VPN-CLIENT >>>>>>>>>>> >>>>>>>>>>> Is it possible when client get's an IP address from the POOL1 >>>>>>>>>>> have a subnet mask of 255.255.255.0 for example? >>>>>>>>>>> >>>>>>>>>>> In most cases when client dials into the server it gets an IP >>>>>>>>>>> address and the default subnet mask of /32 ( >>>>>>>>>>> 192.159.1.39/255.255.255.255) >>>>>>>>>>> >>>>>>>>>>> I have tried putting subnet mask in client config on Server but >>>>>>>>>>> still I get /32 bit subnet mask. >>>>>>>>>>> >>>>>>>>>>> thanks >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> For more information regarding industry leading CCIE Lab >>>>>>>>>>> training, please visit www.ipexpert.com >>>>>>>>>>> >>>>>>>>>>> Are you a CCNP or CCIE and looking for a job? Check out >>>>>>>>>>> www.PlatinumPlacement.com >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > --- > > Nefkens Advies > > Enk 26 > > 4214 DD Vuren > > The Netherlands > > > Tel: +31 88 633 5300 > > Fax: +31 88 633 5399 > > Direct: +31 88 633 5304 > > Email: [email protected] > > Web: http://www.nefkensadvies.nl/ > > > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
