Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

easy vpn doesn?t apply ip range set in vpngroup

Hi,

we have a remote asa 5005 connecting through easy vpn to our main pix.

on the pix i have the command

access-list acl_splt-usstam permit ip object-group besnk_vpn-allowed 192.168.16.0 255.255.252.0

vpngroup remote-usstam split-tunnel acl_splt-usstam

but when i do a sh access-list on the asa the dynamic generated access-list look like this

access-list _vpnc_acl; 13 elements

access-list _vpnc_acl line 1 extended permit ip host 64.69.103.251 host 81.246.80.82 (hitcnt=2) 0x7d7e8254

access-list _vpnc_acl line 2 extended permit ip 192.168.16.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=9) 0xe06ae310

access-list _vpnc_acl line 3 extended permit ip 192.168.16.0 255.255.255.0 192.168.2.0 255.255.255.0 (hitcnt=2) 0x25a23786

access-list _vpnc_acl line 4 extended permit ip 192.168.16.0 255.255.255.0 192.168.3.0 255.255.255.0 (hitcnt=2) 0x7a540833

access-list _vpnc_acl line 5 extended permit ip 192.168.16.0 255.255.255.0 192.168.15.0 255.255.255.0 (hitcnt=3) 0x9f7733ce

access-list _vpnc_acl line 6 extended permit ip 192.168.16.0 255.255.255.0 192.168.253.0 255.255.255.0 (hitcnt=2) 0xe172dbda

access-list _vpnc_acl line 7 extended permit ip 192.168.16.0 255.255.255.0 192.168.254.0 255.255.255.0 (hitcnt=2) 0x2caf5ad

access-list _vpnc_acl line 8 extended permit ip 192.168.16.0 255.255.255.0 host 172.16.0.3 (hitcnt=2) 0xc9c4f98d

access-list _vpnc_acl line 9 extended permit ip 192.168.16.0 255.255.255.0 192.168.5.0 255.255.255.0 (hitcnt=2) 0xa7424952

access-list _vpnc_acl line 10 extended permit ip host 64.69.103.251 host 192.168.254.224 (hitcnt=2) 0x90a1856c

access-list _vpnc_acl line 11 extended permit ip host 64.69.103.251 host 192.168.254.225 (hitcnt=2) 0xeabefffa

access-list _vpnc_acl line 12 extended permit ip host 64.69.103.251 192.168.1.0 255.255.255.0 (hitcnt=2) 0x21b7b846

access-list _vpnc_acl line 13 extended permit ip host 64.69.103.251 host 1_vpnc_acl92.168.254.31 (hitcnt=2) 0x6dd2aa42

so the asa only uses the tunnel for 192.168.16.0/24 and niet for 192.168.16.0/22 as intended. i can?t chnage the _vpnc_acl because it?s generated by easy vpn

Can somebody help me out please ?

1 REPLY
Community Member

Re: easy vpn doesn?t apply ip range set in vpngroup

anybody any ideas ?

152
Views
0
Helpful
1
Replies
CreatePlease to create content