LAN to LAN VPN tunnel, Internet access

Unanswered Question
Mar 10th, 2007
I could not find anything on this:

I have a hub and spoke configuration and want the spoke to use its own DSL for Internet access.

My understanding is that the NAT and crypto access lists will only allow the secure traffic originating from the LAN interface on the spoke router to go through the VPN tunnel.

Shouldn't everything else go out the WAN interface to the Internet?

This is not working for me.

What should I be looking for?

kaachary Sat, 03/10/2007 - 14:53
Cisco Employee

That should work, if you have correct NAT rules defined.

Make sure that only VPN traffic is exempted from NAT.

e.g. The local n/w is 10.0.0.0/8 and remote n/w is 192.168.1.0/24.

You should have a NAT rule something like this:

access-list 102 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
ip nat inside source list 102 interface <WAN-interface> overload

(The interface keyword takes the name of the WAN interface; <WAN-interface> is a placeholder, the original post omitted it.)

This way only "denied" traffic will be exempted from NAT.

You might want to look at the doc:

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

It's a similar example using a route-map.

*Please rate if this helped.

-Kanishka
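The NAT-exemption rule from the answer, as an added example that is not part of the thread: a Python checker that parses IOS-style access-list lines, simulates the spoke's NAT-before-crypto order of operations to show which flows enter the tunnel, which are translated out the DSL, and which leave unencrypted and untranslated, and flags a NAT ACL that would translate traffic the crypto ACL expects to encrypt. The crypto ACL 110 and the sample hosts are assumptions; the NAT ACL 102 is the one posted above.

```python
import ipaddress
# Constructed config (not from the thread): NAT ACL 102 as posted, plus a hypothetical crypto ACL 110.
NAT_ACL = ("access-list 102 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255\n"
           "access-list 102 permit ip 10.0.0.0 0.255.255.255 any")
CRYPTO_ACL = "access-list 110 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255"

def _take_addr(tokens):
    """Consume one IOS address spec, 'any' or 'A.B.C.D WILDCARD' (the wildcard is an inverted netmask)."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    netmask = str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens[1]))))
    return ipaddress.IPv4Network((tokens[0], netmask), strict=False), tokens[2:]  # non-contiguous mask raises

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered (action, src_net, dst_net) tuples."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) >= 5 and t[0] == "access-list" and t[3] == "ip":
            src, rest = _take_addr(t[4:])
            dst, _ = _take_addr(rest)
            entries.append((t[2], src, dst))
    return entries

def acl_action(entries, src, dst):
    """First-match evaluation of one flow; an IOS ACL ends with an implicit deny."""
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def classify_flow(nat_acl, crypto_acl, src, dst):
    """Where an outbound packet from the spoke ends up: 'tunnel', 'internet-nat' or 'cleartext-unnatted'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # IOS translates (inside-source NAT) before the crypto map sees the packet, so a flow that ACL 102
    # permits reaches the crypto ACL with the WAN address as source and never matches the LAN prefix.
    if acl_action(nat_acl, src, dst) == "permit":
        return "internet-nat"
    if acl_action(crypto_acl, src, dst) == "permit":
        return "tunnel"
    return "cleartext-unnatted"  # neither translated nor encrypted: a private source leaks onto the DSL

def unexempted_crypto_entries(nat_acl, crypto_acl):
    """Crypto permit entries whose first overlapping NAT entry is not a deny that covers them (conservative)."""
    bad = []
    for action, csrc, cdst in crypto_acl:
        hits = [(a, s, d) for a, s, d in nat_acl if csrc.overlaps(s) and cdst.overlaps(d)]
        exempt = bool(hits) and hits[0][0] == "deny" and csrc.subnet_of(hits[0][1]) and cdst.subnet_of(hits[0][2])
        if action == "permit" and not exempt:
            bad.append((str(csrc), str(cdst)))  # this traffic will be translated and skip the tunnel
    return bad
```

Run unexempted_crypto_entries after every edit to either list; an empty result means the NAT exemption mirrors the crypto ACL, which is the condition the answer describes.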
