On Mon, 2008-02-04 at 21:19 -0500, Larry Roberts wrote: [snip] > > <shameless plug> > (BTW, you should REALLY look at getting that concentrator upgraded to > an > ASA. I have one at my house and Kvpnc works fine with it, plus its > not > EOS ) > </shameless plug>
Not my VPN....I just connect to it ;-) > > Under the profile settings for your remote connection, is a section > labeled "routes" if I remember correctly. In there you have the > option > of replacing the default route or keeping it. > Right now you are replacing the default route with one that points to > Tun0 most likely. Yep...set to replace default route.....not sure if it's replacing it with Tun0, but it most likely does (picking Tun0 is not an option....so I assume it happens by default when replacing). > > Assuming your inside address space is 192.168.1.0 255.255.255.0 what > you > want to do is this: OK...here's where I need to be VERY clear....by "inside" I would assume you mean my local LAN? That said, what you say below makes me think you mean the remote network?? > > First, change the option to keep default route. > Secondly, add a route for the remote networks (192.168.1.0/24 in the > above case) and point it to the Tun0 interface. > Again I'm assuming thats the right interface as in most cases it will > be. Sounds simple enough ;-) > > If you have more than just the 1 internal address range you can of > course add those in as additional routes. So again....I think ou mean the remote network? ....and yes it does have a few ranges I'll be setting alt. routes for. > > Thats all there is to it. Now only traffic for the ranges above will > cross the tunnel, while all else will go out locally. That would be perfect! > > Feel free to celebrate at your local pub the enormous security hole > you > have just introduced into your network I shall indeed....and that's why I mentioned in my original post that I am fully aware of the security implications.....but always good to mention in case someone is NOT aware of what they are doing!! > > Larry Thanks Larry....I'll go ahead with my assumptions above....50/50 chance right ;-) Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. _______________________________________________ Kvpnc-user mailing list [email protected] https://mail.gna.org/listinfo/kvpnc-user
