08-16-2008 12:56 AM - edited 03-03-2019 11:09 PM
Hi,
I have a small site with 30 users with 512Kb DSL connection for internet access.
We would like to have a VPN tunnel with our HQ. Can we have a router terminating both the VPN tunnel and the DSL connection? Physically there are two internet connections (both Ethernet connections from different ISPs).
All traffic to HQ should pass via the VPN tunnel and all internet traffic should pass via DSL.
Can we terminate both connections on the router in a secure way?
08-16-2008 01:06 AM
Hello Amin,
This is possible. The most important thing is to use an extended ACL to define what has to be processed by NAT, where you first deny traffic to the HQ:
access-list 151 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 151 permit ip 192.168.3.0 0.0.0.255 any
The ACL can be invoked by a route-map that can be used in the NAT command.
Similar ACLs will define what has to go encrypted on the VPN tunnel:
access-list 155 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
You can even use a single physical link for this.
Hope to help
Giuseppe
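The NAT exemption and crypto ACL from the answer above, tied to a route-map and a crypto map on one outside interface (the single-link variant the answer mentions). This is an added example, not part of the original post or of Cisco's document; the interface names, the names NONAT, HQ-SET and HQ-VPN, the 198.51.100.x and 203.0.113.1 addresses and the key placeholder are assumptions.

```cisco
! Added example. Assumes an IOS release that supports DH group 14 and SHA-256.
! ACL 151: what NAT may translate. HQ-bound traffic is denied first so it
! leaves with its original source address and still matches the crypto ACL.
access-list 151 deny   ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 151 permit ip 192.168.3.0 0.0.0.255 any
! ACL 155: what is encrypted. It must cover exactly the traffic denied above.
access-list 155 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
!
! The route-map is only a wrapper so the NAT command can reference ACL 151.
route-map NONAT permit 10
 match ip address 151
!
ip nat inside source route-map NONAT interface FastEthernet0/1 overload
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key; 203.0.113.1 stands in for the HQ peer (assumption).
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
!
crypto ipsec transform-set HQ-SET esp-aes 256 esp-sha256-hmac
!
crypto map HQ-VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set HQ-SET
 match address 155
!
interface FastEthernet0/0
 description LAN 192.168.3.0/24
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description ISP uplink (assumed addressing)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 crypto map HQ-VPN
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

On the outbound path the router applies NAT before the crypto map check, which is why the deny line in ACL 151 has to mirror the permit line in ACL 155. After a ping from the LAN to an HQ host, `show ip nat translations` should show no entry for that flow and `show crypto ipsec sa` should show the encapsulated packet counter increasing.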
08-16-2008 01:30 AM
Thanks.
Can you elaborate more on route-map?
Is there a Cisco config link similar to my scenario?
08-16-2008 06:59 AM
Hello Amin,
As a starting point, look at how to make internet access with NAT coexist with an IPsec VPN connection:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
Hope to help
Giuseppe