Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
1
Replies

Site to Site VPN using IOS and 3030 Concentrator

jeff.vargas
Level 1
Level 1

‎03-28-2007 01:19 PM - edited ‎02-21-2020 01:27 AM

This is the first time I've set a VPN site to site using these devices. I've got it working and I can pass traffic between the two locations but I can't get to the Internet from the remote site. I'm assuming I need to modify my access-list. I don't want to do split tunneling and I want all traffic to traverse the corporate site. What is the best way to force all traffic from the remote site to go through the tunnel?

0 Helpful
1 Reply 1

kaachary
Cisco Employee
Cisco Employee

‎03-31-2007 03:44 AM

Assuming you have the Router at the remote site.

The crypto ACL on Router would say :

access-list 101 permit ip any

This way all the traffic would be tunneled to the concentrator.

Now, you need to check if you have a TDG (Tunnel DEfaul Gateway) configured on the 3030. Also, check what device is configured as TDG ?

Once you confirm that, I'll let oyu knw the way to configure the Internet access.

Now, assuming, there's no TDG configured, then on 3030 you have to create an Interface PAT rule for the remote LAN.

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/polmgt.htm#wp1008375

Add the remote network there, and it shpold work fine.

Hope this helps.

-Kanishka

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card