04-01-2008 05:05 PM
I need to allow 192.168.6.0 across the VPN tunnel to the 172.18.1.0 network. The 192.168.5.0 crosses the tunnel fine. I do not want 192.168.7.0 to be allowed across the tunnel. I have attached my ASA 5505 config. Any help would be deeply appreciated.
04-02-2008 07:10 AM
Hi Raymond,
Issue the following exactly.
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0
access-list 101 permit ip any any
group-policy L2L internal
group-policy L2L attributes
vpn-filter value 101
tunnel-group xx.xx.xxx.99 ipsec-attribute
default-group-policy L2L
Regards
04-03-2008 07:22 AM
Will not accept these commands:
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0
access-list 101 permit ip any any
04-03-2008 09:01 AM
Because the netmask is wrong. Here is the correct one:
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list 101 permit ip any any
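An added example, not part of the original thread: a small Python pre-check that flags `access-list ... ip` entries whose address has bits set outside its mask, which is what distinguishes the rejected line (172.18.1.0 with 255.255.0.0) from the corrected one. The function names and the sample text are constructed for illustration; only plain `ip` entries with `any`, `host`, or address/mask pairs are handled.

```python
import ipaddress

# Constructed sample: the ACL lines quoted in the thread (rejected and corrected).
SAMPLE = """\
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 172.18.1.0 255.255.255.0
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0
access-list 101 permit ip any any
access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.255.0
"""

def take_endpoint(tokens):
    """Consume one source/destination spec; return (address, mask) or None for 'any'."""
    head = tokens.pop(0)
    if head == "any":
        return None
    if head == "host":
        return tokens.pop(0), "255.255.255.255"
    return head, tokens.pop(0)

def check_line(line):
    """Return a list of problems found in one 'access-list ... ip' entry."""
    tokens = line.split()
    if tokens[:1] != ["access-list"]:
        return []
    tokens = tokens[2:]                       # drop the keyword and the ACL name
    if tokens[:1] == ["extended"]:
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        return []                             # other entry types are not checked here
    tokens, problems = tokens[2:], []
    for role in ("source", "destination"):
        try:
            endpoint = take_endpoint(tokens)
        except IndexError:
            return problems + [f"{role}: missing address or mask"]
        if endpoint is None:
            continue
        try:
            # strict=True raises if the address has bits set outside the mask
            ipaddress.ip_network("/".join(endpoint), strict=True)
        except ValueError:
            problems.append(f"{role}: {endpoint[0]} {endpoint[1]} do not pair")
    return problems

def check_config(text):
    """Map 1-based line number to its problems, for lines that have any."""
    results = {n: check_line(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: p for n, p in results.items() if p}

if __name__ == "__main__":
    print(check_config(SAMPLE))
```

Running it over a pasted ACL before entering the commands shows which entry needs its address or mask corrected.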