lan to lan VPN tunnel, Internet access

Unanswered Question
Mar 10th, 2007

I could not find anything on this:

I have a hub and spoke configuration and want the spoke to use its own DSL for Internet access.

My understanding is that the NAT and crypto access lists will only allow the secure traffic originating from the LAN interface on the spoke router, to go through the VPN tunnel.

Shouldn't everything else go out the WAN interface to the Internet?

This is not working for me.

What should I be looking for?

kaachary Sat, 03/10/2007 - 14:53

That should work, if you have correct NAT rules defined.

Make sure that only VPN traffic is exempted from NAT.

E.g. the local n/w is 10.0.0.0/8 and the remote n/w is 192.168.1.0/24.

You should have a NAT rule something like this:

! Traffic for the remote VPN network is denied here, i.e. exempted from NAT
access-list 102 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
! Everything else from the local network is translated out to the Internet
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
! <WAN-interface> is a placeholder: use the spoke's DSL-facing interface (e.g. the dialer or outside interface)
ip nat inside source list 102 interface <WAN-interface> overload

This way only "denied" traffic will be exempted from NAT.

You might wanna look at the doc :

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

It's a similar example using a route-map.

*Please rate if helped.

-Kanishka
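To make the point of the answer above concrete, here is an added example (not the poster's configuration and not Cisco code) that models how an IOS spoke router classifies an inside-to-outside packet: the `ip nat inside source` translation is applied before the crypto map is consulted, so a packet that is not exempted from NAT reaches the crypto ACL with a translated source and no longer matches it. The addresses use the 10.0.0.0/8 local network and 192.168.1.0/24 remote network from the reply; the WAN address 203.0.113.10 and the sample hosts are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    """One access-list entry in IOS style: action, source spec, destination spec.
    A spec is either "any" or "<base> <wildcard>" (IOS wildcard mask, not a netmask)."""
    action: str
    src: str
    dst: str


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    keep = 0xFFFFFFFF ^ w          # bits that must match exactly
    return (a & keep) == (b & keep)


def spec_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    base, wildcard = spec.split()
    return wildcard_match(addr, base, wildcard)


def evaluate_acl(acl: list[Ace], src: str, dst: str) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if spec_match(ace.src, src) and spec_match(ace.dst, dst):
            return ace.action
    return "deny"


# Crypto ACL on the spoke: only LAN -> remote LAN is "interesting" traffic for the tunnel.
CRYPTO_ACL = [Ace("permit", "10.0.0.0 0.255.255.255", "192.168.1.0 0.0.0.255")]

# NAT ACL as recommended in the reply: VPN traffic denied (exempt), everything else translated.
NAT_ACL_CORRECT = [
    Ace("deny", "10.0.0.0 0.255.255.255", "192.168.1.0 0.0.0.255"),
    Ace("permit", "10.0.0.0 0.255.255.255", "any"),
]

# The common mistake: NAT everything, with no exemption for the tunnel traffic.
NAT_ACL_BROKEN = [Ace("permit", "10.0.0.0 0.255.255.255", "any")]

WAN_IP = "203.0.113.10"   # constructed address of the spoke's DSL interface


def forward(src: str, dst: str, nat_acl: list[Ace], crypto_acl: list[Ace]) -> tuple[str, str]:
    """Return (path, source address as seen on the wire).

    Models the IOS inside-to-outside order of operations that matters here:
    NAT (inside source) runs before the crypto map match, so the crypto ACL
    is evaluated against the post-NAT source address."""
    # Stage 1: NAT overload on the WAN interface for traffic the NAT ACL permits.
    wire_src = WAN_IP if evaluate_acl(nat_acl, src, dst) == "permit" else src
    # Stage 2: crypto map match on the (possibly translated) packet.
    if evaluate_acl(crypto_acl, wire_src, dst) == "permit":
        return ("tunnel", wire_src)
    return ("internet", wire_src)


if __name__ == "__main__":
    for label, acl in (("correct", NAT_ACL_CORRECT), ("broken", NAT_ACL_BROKEN)):
        print(label, "LAN->remote LAN:", forward("10.1.2.3", "192.168.1.50", acl, CRYPTO_ACL))
        print(label, "LAN->Internet:  ", forward("10.1.2.3", "198.51.100.7", acl, CRYPTO_ACL))
```

With the correct NAT ACL, a packet from 10.1.2.3 to 192.168.1.50 keeps its source, matches the crypto ACL and is tunnelled, while a packet to an Internet host is translated to the WAN address and routed out the DSL interface. With the broken NAT ACL, the VPN-bound packet is translated first, so the crypto ACL no longer matches and it leaves in the clear towards the Internet, which is the symptom of a missing NAT exemption; checking `show ip nat translations` for entries whose destination is the remote LAN is the quickest way to confirm this on a real router.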
