Site to Site VPN using IOS and 3030 Concentrator

Mar 28th, 2007

This is the first time I've set a VPN site to site using these devices. I've got it working and I can pass traffic between the two locations but I can't get to the Internet from the remote site. I'm assuming I need to modify my access-list. I don't want to do split tunneling and I want all traffic to traverse the corporate site. What is the best way to force all traffic from the remote site to go through the tunnel?

kaachary (Cisco Employee) Sat, 03/31/2007 - 03:44

Assuming you have the Router at the remote site.

The crypto ACL on the router would say:

access-list 101 permit ip <remote-LAN-network> <wildcard-mask> any

This way all the traffic would be tunneled to the concentrator.

Now, you need to check if you have a TDG (Tunnel Default Gateway) configured on the 3030. Also, check what device is configured as TDG?

Once you confirm that, I'll let you know the way to configure the Internet access.

Now, assuming there's no TDG configured, then on the 3030 you have to create an Interface PAT rule for the remote LAN.

Add the remote network there, and it should work fine.

Hope this helps.
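The router side of the full-tunnel setup described in the reply above, as an added example that is not part of the original thread. The addresses, key placeholder, interface name, and the crypto map, transform set and policy values are all constructed for illustration; only ACL number 101 comes from the post.

```ios
! Constructed example values (not from the thread):
!   remote LAN        192.168.10.0/24
!   3030 public peer  203.0.113.1
!   WAN interface     FastEthernet0/0
!
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <pre-shared-key> address 203.0.113.1
!
crypto ipsec transform-set TS-3030 esp-3des esp-sha-hmac
!
crypto map TO-CORP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-3030
 match address 101
!
! Split-tunnel form (only corporate destinations are encrypted):
!   access-list 101 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
! Full-tunnel form: the source is the remote LAN and the destination is "any",
! so Internet-bound packets from the LAN also match and are sent to the 3030.
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
interface FastEthernet0/0
 crypto map TO-CORP
!
! With full tunnel, the router should not NAT remote-LAN traffic on its own
! WAN interface. Translation for Internet access happens at the corporate
! side (the Interface PAT rule on the 3030 mentioned in the reply).
! The peer's traffic selectors must mirror ACL 101: local "any", remote
! 192.168.10.0/24.
```

After the tunnel is up, `show crypto ipsec sa` on the router should list the remote LAN as the local identity and 0.0.0.0/0.0.0.0 as the remote identity, with the encaps counter rising when a LAN host sends Internet-bound traffic.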


