The scenario is the following:
I've configured an 837 to act as a server for VPN clients. I would like clients to connect only to a specific resource on the LAN behind the router, so I applied an ACL on the inside interface, in the outbound direction.
The net is 10.168.45.0/24 and the resource to reach is 10.168.45.1.
VPN clients get IP addresses from the pool 192.168.88.232-239.
Below you can find the ACL:

    no access-list 104
    access-list 104 permit ip 192.168.88.232 0.0.0.7 host 10.168.45.1
    access-list 104 deny ip 192.168.88.232 0.0.0.7 10.168.45.0 0.0.0.255
    access-list 104 permit ip any any

When the client does a ping to 10.168.45.1 it receives an answer, but when it tries to ping 10.168.45.2 it receives an answer from the router (the public interface) that the destination is unreachable.
Is that correct?
Alex