! vpnclient_net
object-group network NETWORK_OBJ_10.1.10.0_26
network-object 10.1.10.0 255.255.255.0
! inside_net
object-group network DM_INLINE_NETWORK
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
nat (inside,outside) source static DM_INLINE_NETWORK DM_INLINE_NETWORK destination static NETWORK_OBJ_10.1.10.0_26 NETWORK_OBJ_10.1.10.0_26
VPN-SSL# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static DM_INLINE_NETWORK DM_INLINE_NETWORK destination static NETWORK_OBJ_10.1.10.0_26 NETWORK_OBJ_10.1.10.0_26
translate_hits = 3, untranslate_hits = 15
VPN-SSL# sh xl
1 in use, 155 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from inside:192.168.0.0/16, 10.0.0.0/8 to outside:192.168.0.0/16,
10.0.0.0/8
flags sI idle 0:00:08 timeout 0:00:00
2. Split Tunnel
With split tunneling, the client can still reach the Internet after the IPsec VPN connection is established.
Create the ACL
access-list lab_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list lab_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0
Apply it to the group-policy
group-policy lab attributes
dns-server value 10.1.1.1
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value lab_splitTunnelAcl
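
A consistency check for the two pieces of configuration above, as an added example that is not part of the original post: every network the split-tunnel ACL sends into the tunnel should also fall inside the identity NAT rule's source object-group, otherwise traffic between those networks and the VPN clients may be translated by other NAT rules. The parser is a minimal sketch covering only the line forms shown on this page, the sample text is constructed from those lines, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the NAT and split-tunnel lines from this page.
SAMPLE_CONFIG = """\
object-group network NETWORK_OBJ_10.1.10.0_26
network-object 10.1.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
nat (inside,outside) source static DM_INLINE_NETWORK DM_INLINE_NETWORK destination static NETWORK_OBJ_10.1.10.0_26 NETWORK_OBJ_10.1.10.0_26
access-list lab_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list lab_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0
"""


def parse(config):
    """Return (object-groups, standard ACLs, identity-NAT source group names)."""
    groups, acls, nat_sources, current = {}, {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):
            continue  # blank line or comment
        if tok[0] == "network-object" and current is not None:
            # Only the "network-object <addr> <mask>" form is handled here.
            if len(tok) == 3 and tok[1] not in ("host", "object"):
                current.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
            continue
        current = None  # any other command ends the object-group block
        if tok[:2] == ["object-group", "network"] and len(tok) >= 3:
            current = groups.setdefault(tok[2], [])
        elif tok[0] == "access-list" and tok[2:4] == ["standard", "permit"] and len(tok) == 6:
            acls.setdefault(tok[1], []).append(ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))
        elif tok[0] == "nat" and tok[2:4] == ["source", "static"] and len(tok) >= 6 and tok[4] == tok[5]:
            nat_sources.append(tok[4])  # real == mapped: identity (exempt) NAT
    return groups, acls, nat_sources


def audit_split_tunnel(config, acl_name):
    """List tunneled networks that no identity NAT source group covers."""
    groups, acls, nat_sources = parse(config)
    exempt = [net for name in nat_sources for net in groups.get(name, [])]
    return [
        f"{net}: tunneled by {acl_name} but not covered by the identity NAT rule"
        for net in acls.get(acl_name, [])
        if not any(net.subnet_of(e) for e in exempt)
    ]


if __name__ == "__main__":
    print(audit_split_tunnel(SAMPLE_CONFIG, "lab_splitTunnelAcl") or "consistent")
```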