Solved: DSL / VPN on Same Router

Amin Shaikh · ‎08-16-2008

Hi,

I have a small site with 30 users with 512Kb DSL connection for internet access.

We would like to have a VPN Tunnel with our HQ, can we have Router termninating VPN Tunnel and DSL connection. Physical two internet connection ( both ethernet connection from different ISP )

All traffic to HQ should pass via VPN Tunnel and all internet traffic should pass via DSL.

Can we terminate both Connection on the Router in a secure way.

Giuseppe Larosa · ‎08-16-2008

Hello Amin,

as a starting point look at how to make internet access with NAT coexist with an IPsec VPN connection

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎08-16-2008

Hello Amin,

this is possible the most important thing is to use an extended ACL to define what has to be processed NAT where you first deny traffic to the HQ:

access-list 151 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 151 permit ip 192.168.3.0 0.0.0.255 any

the ACL can be invoked by a route-map that can be used in the NAT command.

Similar ACLs will define what has to go encrypted on the VPN tunnel:

access-list 155 permit ip 192.168.3.0 0.0.0.255 192.168.0.0.0 0.0.255.255

You can even use a single physical link for this.

Hope to help

Giuseppe

Amin Shaikh · ‎08-16-2008

thanks.

can you ellaborate more on route-map.

Is there a cisco config link with similiar to my scenario

Giuseppe Larosa · ‎08-16-2008

Hello Amin,

as a starting point look at how to make internet access with NAT coexist with an IPsec VPN connection

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Hope to help

Giuseppe