Site-to-site vpn with internet access

karien.verster · ‎12-10-2007

Hi,

im configuring a vpn tunnel between 2 sites over an adsl line. Could anyone tell me how this would change both site's internet access ability?

since the vpn uses the internet link to become a point-to-point link between the two sites, how will the users reach the internet? will this vpn tunnel stop internet access, or am i just over complicating things?

acomiskey · ‎12-10-2007

The configuration of the tunnel will determine which traffic is encrypted across it. The traffic which is not defined will be free to go to the internet unencrypted.

karien.verster · ‎12-11-2007

ok, but what if the whole network needed to traverse the tunnel and still be able to access the internet?

or are you just saying i have to make really intricate ACLs?

acomiskey · ‎12-11-2007

Just define the traffic you want to traverse the tunnel, all other traffic will go out to the internet. Let's say the network that needs to traverse the tunnel is 192.168.1.0 and the remote network being tunneled to is 192.168.2.0. Then the acl defining interesting traffic would simply be.

access-list crypto extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

karien.verster · ‎12-11-2007

Thank you very much. this has helped me a great deal!

now let me get to it!