I dont have my linux box handy to tell you exactly what the prompts are, but I can tell you that what your wanting to do is possible regardless of how the concentrator is configured.
<shameless plug> (BTW, you should REALLY look at getting that concentrator upgraded to an ASA. I have one at my house and Kvpnc works fine with it, plus its not EOS ) </shameless plug> Under the profile settings for your remote connection, is a section labeled "routes" if I remember correctly. In there you have the option of replacing the default route or keeping it. Right now you are replacing the default route with one that points to Tun0 most likely. Assuming your inside address space is 192.168.1.0 255.255.255.0 what you want to do is this: First, change the option to keep default route. Secondly, add a route for the remote networks (192.168.1.0/24 in the above case) and point it to the Tun0 interface. Again I'm assuming thats the right interface as in most cases it will be. If you have more than just the 1 internal address range you can of course add those in as additional routes. Thats all there is to it. Now only traffic for the ranges above will cross the tunnel, while all else will go out locally. Feel free to celebrate at your local pub the enormous security hole you have just introduced into your network Larry Bryan Stevenson wrote: > Hey All, > > I'm stumped! > > I connect to a Cisco VPN concentrator with split tunnelling turned off. > Due to the firewall rules on the network I connect to, I lose the > ability to send mail or use IM (and some local LAN access gets flaky). > > What I'd like to do is have all packets destined to or coming from the > remote network going through the VPN connection and all other traffic > routed through my local network. > > I've seen some advice on this along with examples of the .js file VPNC > uses, but never a clear enough explanation. > > So what I'm after is and example like so: > > My local network has these settings (net mask, gateway, etc.) > > My remote network has these settings (net mask, gateway, etc.) > > Using the example settings from both networks, an example of how to set > the alternate routes to do as I've laid out above. > > Thanks VERY much for any help > > Cheers > > PS...yes I am aware of the security implications or what I've laid out. > - > > Bryan Stevenson B.Comm. > VP & Director of E-Commerce Development > Electric Edge Systems Group Inc. > phone: 250.480.0642 > fax: 250.480.1264 > cell: 250.920.8830 > e-mail: [EMAIL PROTECTED] > web: www.electricedgesystems.com > > Notice: > This message, including any attachments, is confidential and may contain > information that is privileged or exempt from disclosure. It is intended > only for the person to whom it is addressed unless expressly authorized > otherwise by the sender. If you are not an authorized recipient, please > notify the sender immediately and permanently destroy all copies of this > message and attachments. > > > > > _______________________________________________ > Kvpnc-user mailing list > [email protected] > https://mail.gna.org/listinfo/kvpnc-user > _______________________________________________ Kvpnc-user mailing list [email protected] https://mail.gna.org/listinfo/kvpnc-user
