Some relevant configuration first...
My router is a Cisco 2610XM running the latest advanced ent. services IOS.
--------------------------------------------------------
ip dhcp pool dhcp_local
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
etc..
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.0.1 255.255.255.0
 ip access-group lanin in
 ip access-group lanout out
 ip nat inside
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 213.xxx.xxx.33 255.255.255.224
 ip access-group dmzin in
 ip access-group dmzout out
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address xxx.xxx.xxx.xxx 255.255.255.192
 ip access-group wanin in
 ip access-group wanout out
 ip nat outside
 crypto map dynmap
ip nat pool overload 83.xxx.xxx.18 83.xxx.xx.18 prefix-length 24
ip nat inside source list 10 pool overload overload
access-list 10 permit 192.168.0.0 0.0.0.255
ip local pool easypool 192.168.100.1 192.168.100.20
------------------------------------------------------------------
Easy VPN clients get an IP from local pool easypool (192.168.100.1 - 192.168.100.20).
I have an Easy VPN setup running. I do not want split tunnelling.
I want:
- VPN clients to be able to access the 192.168.0.0 255.255.255.0 subnet
- VPN clients to access the Internet through our router
VPN clients CAN access my DMZ interface (and servers on that subnet) through the tunnel.
They can also ping loopback interfaces on the router. But they cannot access anything on
the local subnet (192.168.0.0 255.255.255.0) or the Internet.
If I ping 192.168.0.1, I get a response from the outside (WAN) IP address.
So I think I need to prevent NAT on VPN clients --> local subnet and enable NAT for VPN clients
to anything external.
HOW do I do that? I have tried to add "access-list 10 permit 192.168.100.0 0.0.0.255", but still
no Internet access for VPN users.
It is not an ACL problem on the interfaces, as I have tried to permit anything (permit ip any any), but still no go.
HELP!!
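
Added example, not part of the original post: an IOS configuration sketch for the two goals stated above (no NAT between the LAN and the VPN pool, NAT for VPN clients going to the Internet). The interface names, the NAT pool "overload" and the subnets are taken from the post; Loopback1, its 10.255.255.0/30 addressing, ACL numbers 110 and 120 and the route-map name VPN-HAIRPIN are assumptions chosen for illustration.

```cisco
! NAT ACL: exempt LAN -> VPN-pool traffic, translate everything else.
! An extended ACL is needed because standard ACL 10 cannot match on
! destination, so LAN replies to VPN clients were being translated.
access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit ip 192.168.100.0 0.0.0.255 any
!
no ip nat inside source list 10 pool overload overload
ip nat inside source list 110 pool overload overload
!
! Decrypted client traffic enters and leaves on Fa0/0.10 (ip nat outside),
! so it never crosses inside -> outside and is never translated, whatever
! the NAT ACL says. Hairpin it through a loopback marked "ip nat inside".
! (Loopback number and addressing are assumptions.)
interface Loopback1
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
! Policy-route only Internet-bound client traffic; traffic to the LAN
! is left to normal routing.
access-list 120 deny   ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 120 permit ip 192.168.100.0 0.0.0.255 any
!
route-map VPN-HAIRPIN permit 10
 match ip address 120
 set ip next-hop 10.255.255.2
!
interface FastEthernet0/0.10
 ip policy route-map VPN-HAIRPIN
!
! Verify from exec mode with a client connected:
!   show ip nat translations
!   show route-map VPN-HAIRPIN
```

The named interface ACLs (lanin, lanout, wanin, wanout) are not shown in the post and still have to permit the 192.168.100.0/24 pool in both directions.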