Bypass the VPN for certain subnet

Unanswered Question
Feb 25th, 2008


I have 2 x Pix 501 routers with a IPSEC VPN running between them. The Pixs connect to each other via a couple of Aironet 1200s set up as bridges. It looks a bit like this:

Pix1 -- Aironet1 -- Aironet2 -- Pix2

We have an ADSL router plugged in to Pix2 for Internet access as well.

On Pix2 I have the following rules:

access-list inside_outbound_nat0_acl permit ip any any

access-list outside_cryptomap_20 permit ip any

What I want to be able to do is bypass the VPN for traffic in the subnet so I can manage the Aironets. Otherwise I have to unplug the Pix and plug a laptop in to the Aironets to configure them.

Does anyone know how to do that?


David Kirk

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tomaslada Tue, 02/26/2008 - 03:47


just exclude your AIRONET network range from IPSec tunnel access list configuration. It will help. (then enable SSH on aironet devices in order to keep communication secure)There is one prerequisite - routing for your network you use for managing AP's has to be set up correctly.


davidrkirk Tue, 02/26/2008 - 11:20


That's exactly what I need to do. I just don't know how to do it. I didn't set this VPN up, and I'm no expert in this area.

The routing should be ok because the outside interfaces of the Pixs and the Aironets are all in the same subnet (


David Kirk


This Discussion