Site to Site VPN using IOS and 3030 Concentrator

Mar 28th, 2007

This is the first time I've set up a site-to-site VPN using these devices. I've got it working and I can pass traffic between the two locations, but I can't get to the Internet from the remote site. I'm assuming I need to modify my access-list. I don't want to do split tunneling and I want all traffic to traverse the corporate site. What is the best way to force all traffic from the remote site to go through the tunnel?

kaachary Sat, 03/31/2007 - 03:44

Assuming you have the Router at the remote site.

The crypto ACL on the router would say:

access-list 101 permit ip <remote-LAN> <wildcard-mask> any

This way all the traffic would be tunneled to the concentrator.

Now, you need to check if you have a TDG (Tunnel Default Gateway) configured on the 3030. Also, check what device is configured as the TDG.

Once you confirm that, I'll let you know the way to configure the Internet access.

Now, assuming, there's no TDG configured, then on 3030 you have to create an Interface PAT rule for the remote LAN.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/polmgt.htm#wp1008375

Add the remote network there, and it should work fine.

Hope this helps.

-Kanishka
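
The tunnel-all crypto ACL from the reply above, written out as an added example (not part of the original posts). The remote LAN 192.168.10.0/24, the corporate range 10.0.0.0/8, the peer address 203.0.113.10, the crypto map name VPNMAP and the interface name are constructed values; the ISAKMP policy and transform set are assumed to exist already, since the tunnel is reported working.

```cisco
! --- Remote-site IOS router (all addresses and names below are constructed) ---
!
! Split-tunnel form: only traffic bound for the corporate range is encrypted.
! Everything else leaves the remote site directly, bypassing corporate controls.
! access-list 101 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
! Tunnel-all form: every packet sourced from the remote LAN matches the
! crypto ACL and is sent to the concentrator, including Internet-bound traffic.
no access-list 101
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
! The crypto map entry that references the ACL (existing entry shown for context;
! the set transform-set line from the working configuration is unchanged).
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 match address 101
!
interface FastEthernet0/0
 crypto map VPNMAP
!
! The LAN-to-LAN definition on the 3030 has to mirror this ACL
! (local network: any, remote network: 192.168.10.0/24). If the two sides
! propose different proxy identities, Phase 2 negotiation fails.
!
! Verification after clearing the old SAs:
!   clear crypto sa
!   show crypto ipsec sa
! The local ident should show 192.168.10.0/255.255.255.0 and the remote ident
! 0.0.0.0/0.0.0.0, with the encaps counter rising for Internet-bound pings.
```

With this ACL in place the packets reach the concentrator with private source addresses, which is why the reply goes on to the Tunnel Default Gateway or an Interface PAT rule for the remote LAN.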
