VPN traffic not routed when ATM / Dialer interface is up

Answered Question
Oct 9th, 2008
User Badges:

I have an 1841 router using a serial port for T1 and an ATM WIC for ADSL. I want all traffic going to my company's data center to go out the T1 and all other traffic to go out the ADSL connection. There is a VPN connection to the data center that works fine until the ATM/dialer interface is enabled. The VPN tunnel is created but no traffic gets routed out the VPN. I've attached the config of the router.



Correct Answer by ajagadee about 8 years 5 months ago

Jason,


Can you try configuring the below routes and do the testing again.


ip route datacenterLAN 255.255.255.0 serial0/0/0

ip route datacenterLAN2 255.255.0.0 serial0/0/0

ip route datacenterLAN3 255.255.255.0 serial0/0/0



ip route datacenterLAN 255.255.255.0 Dialer1 5

ip route datacenterLAN2 255.255.0.0 Dialer1 5

ip route datacenterLAN3 255.255.255.0 Dialer1 5


Regards,

Arul


** Please rate all helpful posts **

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
ajagadee Thu, 10/09/2008 - 10:58
User Badges:
  • Cisco Employee,

Jason,


Can you try configuring the below routes and do the testing again.


ip route datacenterLAN 255.255.255.0 serial0/0/0

ip route datacenterLAN2 255.255.0.0 serial0/0/0

ip route datacenterLAN3 255.255.255.0 serial0/0/0



ip route datacenterLAN 255.255.255.0 Dialer1 5

ip route datacenterLAN2 255.255.0.0 Dialer1 5

ip route datacenterLAN3 255.255.255.0 Dialer1 5


Regards,

Arul


** Please rate all helpful posts **

jasonww04 Thu, 10/09/2008 - 12:37
User Badges:

if I put those routes in, traffic to the datacenterLAN won't go through the VPN like I want.

ajagadee Thu, 10/09/2008 - 13:53
User Badges:
  • Cisco Employee,

Jason,


I am little lost, Sorry. In the below configuration, your default gateway is pointing through the Dialer1 interface and you have a floating default route via your serial interface.


ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 0.0.0.0 0.0.0.0 serial0/0/0 5

ip route datacenterIP 255.255.255.0 serial0/0/0

ip route datacenterIP 255.255.255.0 Dialer1 5


As far as the Dialer1 interface is down, traffic should flow across the serial interface. But, as soon as you bring the Dialer1 interface up, traffic (including traffic destined for DC LAN) will go through the Dialer1 interface and not flow through the IPSEC Tunnel. Because, crypto map is applied on the Serial Interface.


Please let me know if I am missing something here.


Regards,

Arul


** Please rate all helpful posts **

jasonww04 Thu, 10/09/2008 - 14:51
User Badges:

I'm going to try the change a little later (after hours) and see what happens. Although I'm not quite sure why it's not working as is.


I have another site that is splitting traffic and the VPN works fine without routes. I've attached that config. The only difference is that this site has a route to the VPN server at the datacenter via the interface that is for internet traffic.



Attachment: 

Actions

This Discussion