ACL doesn't work with Client 3.x

wellsgz
Level 1

I am using a Cisco 2621 router as an Easy VPN server,

and I am now planning to have net 192.168.0.0/24 encrypted between client and server,

so I have an ACL like

access-list 180 permit 192.168.0.0 0.0.255.255

and then assigned it to the crypto isakmp client configuration group.

Then I dial from the VPN client to the server, and the network appears in the statistics window, but it seems that there isn't any encrypted transfer between the client and the server, and I notice that there is no little yellow lock to the left of the network entry.

Has anybody met the same problem?

And how can I solve it?

Thanks and Regards,

Wells Wei

2 Replies

cjacinto
Cisco Employee

So 192.168.0.0/24 is the inside network, right? What is the IP address pool you give to your client? The ACL to enable split tunnelling (which falls under the group) is of the format:

acl

or you could also use any keyword instead of the vpn client pool.

See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftunity.htm#xtocid24

You would also want to enable the log viewer (filter set to high) on the client to see what you are getting when you have tried to connect to the router. Router debugs and config you could compare from:

http://www.cisco.com/warp/customer/471/ios-unity.html

Thank you for your answer...

I have the client pool 172.30.1.0/24

and I have tried to make my ACL like access 180 permit ip 192.168.0.0 0.0.255.255 172.30.1.0 0.0.0.255

but it still doesn't work!

The little key still does not appear to the left of the IP subnet range in the VPN client,

and my client version is 3.5.2A.

Do you know what happened? Thank you!
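
An added example, not part of the thread or of Cisco's documentation: a Python check that expands the wildcard masks in an ACE of the form quoted in the last reply and compares the result with the intended inside network and client pool. The function names are hypothetical, and the ACL strings are constructed from the addresses mentioned in the thread.

```python
import ipaddress

# Constructed sample ACEs built from the addresses mentioned in the thread.
ACE_FROM_THREAD = "access-list 180 permit ip 192.168.0.0 0.0.255.255 172.30.1.0 0.0.0.255"
ACE_SLASH_24 = "access-list 180 permit ip 192.168.0.0 0.0.0.255 172.30.1.0 0.0.0.255"

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard-mask pair into an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # the "don't care" bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def take_endpoint(tokens):
    """Consume 'any', 'host A' or 'A W' from the front of the token list."""
    if not tokens:
        raise ValueError("missing source or destination")
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if not tokens:
        raise ValueError(f"incomplete endpoint after {head!r}")
    if head == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    return wildcard_to_network(head, tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into its parts."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError("expected: access-list N permit|deny ip SRC DST")
    rest = tokens[4:]
    return {"number": int(tokens[1]), "action": tokens[2],
            "src": take_endpoint(rest), "dst": take_endpoint(rest)}

def audit_split_tunnel(line, inside, pool):
    """List mismatches between what the ACE covers and what was intended."""
    ace = parse_ace(line)
    inside, pool = ipaddress.IPv4Network(inside), ipaddress.IPv4Network(pool)
    findings = []
    if ace["src"] != inside:
        findings.append(f"source covers {ace['src']}, intended {inside}")
    if not pool.subnet_of(ace["dst"]):
        findings.append(f"destination {ace['dst']} does not cover pool {pool}")
    return findings

if __name__ == "__main__":
    for ace in (ACE_FROM_THREAD, ACE_SLASH_24):
        print(ace, "->", audit_split_tunnel(ace, "192.168.0.0/24", "172.30.1.0/24") or "ok")
```
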