easy vpn doesn?t apply ip range set in vpngroup

Unanswered Question
Aug 20th, 2007


we have a remote asa 5005 connecting through easy vpn to our main pix.

on the pix i have the command

access-list acl_splt-usstam permit ip object-group besnk_vpn-allowed

vpngroup remote-usstam split-tunnel acl_splt-usstam

but when i do a sh access-list on the asa the dynamic generated access-list look like this

access-list _vpnc_acl; 13 elements

access-list _vpnc_acl line 1 extended permit ip host host (hitcnt=2) 0x7d7e8254

access-list _vpnc_acl line 2 extended permit ip (hitcnt=9) 0xe06ae310

access-list _vpnc_acl line 3 extended permit ip (hitcnt=2) 0x25a23786

access-list _vpnc_acl line 4 extended permit ip (hitcnt=2) 0x7a540833

access-list _vpnc_acl line 5 extended permit ip (hitcnt=3) 0x9f7733ce

access-list _vpnc_acl line 6 extended permit ip (hitcnt=2) 0xe172dbda

access-list _vpnc_acl line 7 extended permit ip (hitcnt=2) 0x2caf5ad

access-list _vpnc_acl line 8 extended permit ip host (hitcnt=2) 0xc9c4f98d

access-list _vpnc_acl line 9 extended permit ip (hitcnt=2) 0xa7424952

access-list _vpnc_acl line 10 extended permit ip host host (hitcnt=2) 0x90a1856c

access-list _vpnc_acl line 11 extended permit ip host host (hitcnt=2) 0xeabefffa

access-list _vpnc_acl line 12 extended permit ip host (hitcnt=2) 0x21b7b846

access-list _vpnc_acl line 13 extended permit ip host host 1_vpnc_acl92.168.254.31 (hitcnt=2) 0x6dd2aa42

so the asa only uses the tunnel for and niet for as intended. i can?t chnage the _vpnc_acl because it?s generated by easy vpn

Can somebody help me out please ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion