VPN Help

rmwhite59
Level 1

I need to allow 192.168.6.0 across the VPN tunnel to the 172.18.1.0 network. The 192.168.5.0 crosses the tunnel fine. I do not want 192.168.7.0 to be allowed across the tunnel. I have attached my ASA 5505 config. Any help would be deeply appreciated.

3 Replies

husycisco
Level 7

Hi Raymond,

Issue the following exactly.

access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 172.18.1.0 255.255.255.0

access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0

access-list 101 permit ip any any

group-policy L2L internal

group-policy L2L attributes

vpn-filter value 101

tunnel-group xx.xx.xxx.99 ipsec-attribute

default-group-policy L2L

Regards

Will not accept these commands:

access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.0.0

access-list 101 permit ip any any

Because the netmask is wrong. Here is the correct one:

access-list 101 deny ip 192.168.7.0 255.255.255.0 172.18.1.0 255.255.255.0

access-list 101 permit ip any any
