VPN Help

rmwhite59
Level 1

I need to allow 192.168.6.0 across the VPN tunnel to the 172.18.1.0 network. The 192.168.5.0 crosses the tunnel fine. I do not want 192.168.7.0 to be allowed across the tunnel. I have attached my ASA 5505 config. Any help would be deeply appreciated.

3 Replies

husycisco
Level 7

Hi Raymond,

Issue the following exactly.

access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 172.18.1.0 255.255.255.0

access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0

access-list 101 permit ip any any

group-policy L2L internal

group-policy L2L attributes

vpn-filter value 101

tunnel-group xx.xx.xxx.99 general-attributes

default-group-policy L2L

Regards

Will not accept these commands:

access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0

access-list 101 permit ip any any

Because the netmask is wrong. Here is the correct one:

access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.255.0

access-list 101 permit ip any any
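
An added example, not part of the original thread or written by either participant: a small Python check that parses "access-list ... ip" entries like the ones above and flags any address/mask pair where the address has bits set outside the mask, as 172.18.1.0 255.255.0.0 does. The function names and the embedded sample are constructed for illustration, and only "any", "host" and address/mask operands are handled.

```python
import ipaddress

# Constructed sample: the ACL lines quoted in this thread, in order.
SAMPLE_ACL = """\
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0
access-list 101 permit ip any any
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.255.0
"""

def parse_endpoints(tokens):
    """Read source and destination operands that follow the protocol keyword."""
    endpoints, i = [], 0
    while i < len(tokens) and len(endpoints) < 2:
        if tokens[i] == "any":
            endpoints.append(("0.0.0.0", "0.0.0.0"))
            i += 1
        elif i + 1 >= len(tokens):
            break  # truncated entry, nothing left to pair
        elif tokens[i] == "host":
            endpoints.append((tokens[i + 1], "255.255.255.255"))
            i += 2
        else:
            endpoints.append((tokens[i], tokens[i + 1]))
            i += 2
    return endpoints

def check_acl(text):
    """Return (line_no, address, mask, reason) for each inconsistent pair."""
    problems = []
    for line_no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        rest = tokens[2:]                      # drop keyword and ACL name
        if rest[0] == "extended":
            rest = rest[1:]
        if rest[0] not in ("permit", "deny") or rest[1] != "ip":
            continue                           # only plain IP entries are checked
        for addr, mask in parse_endpoints(rest[2:]):
            try:
                # strict=True rejects addresses with bits set outside the mask
                ipaddress.ip_network(f"{addr}/{mask}", strict=True)
            except ValueError as exc:
                problems.append((line_no, addr, mask, str(exc)))
    return problems

if __name__ == "__main__":
    for line_no, addr, mask, reason in check_acl(SAMPLE_ACL):
        print(f"line {line_no}: {addr} {mask} -> {reason}")
```

Running it against the sample reports only line 2, the entry with the 255.255.0.0 destination mask; the corrected entry on line 4 passes.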