Routing two addresses to remote over tunnel and other address go public

Answered Question
Jan 29th, 2009

I have two IP addresses that need to communicate with a remote external IP address over an established LAN-to-LAN VPN tunnel. All other local machines would route to the remote external IP address over public connections. What is the best way to accomplish this? Thanks

Overall Rating: 4.5 (2 ratings)
John Blakley Thu, 01/29/2009 - 14:53

I would say a policy map would be the best way to go in this situation.

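    ! Angle-bracket values are placeholders; the addresses are not given in the post.
    route-map TUNNEL permit 5
     match ip address TWO-HOSTS
     set ip next-hop <next-hop-ip>
    !
    ip access-list extended TWO-HOSTS
     permit ip host <local-host-1> host <remote-ip>
     permit ip host <local-host-2> host <remote-ip>
    !
    interface fa4
     ! (public address where crypto map is)
     ip policy route-map TUNNEL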

I don't know if this will work, but it could be a good start



thomuff Fri, 01/30/2009 - 09:38

Here is a follow-up question:

What happens when tries to connect to

Is it discarded or routed normally?

Lan segment is is local router DG and ip address on int fa4

Firewall is

ip route

VPN Concentrator is

What would happen to traffic that doesn't match the policy route map: would it be discarded or routed normally?
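Added example (not part of the thread and not any poster's code): a small Python model of the forwarding decision for a packet arriving on the interface that carries `ip policy route-map TUNNEL`. A packet that matches no permit clause of the route map is not discarded; it is forwarded by the normal routing table. All addresses, the concentrator next hop and the firewall default route are constructed assumptions, since the thread's real addresses are not on the page.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread).
TWO_HOSTS = [  # extended ACL entries: (source host, destination host)
    ("10.1.1.10", "203.0.113.50"),
    ("10.1.1.11", "203.0.113.50"),
]
TUNNEL_NEXT_HOP = "10.1.1.2"      # hypothetical VPN concentrator on the LAN
ROUTING_TABLE = [                 # (prefix, next hop) used for normal forwarding
    ("0.0.0.0/0", "10.1.1.1"),    # hypothetical default route via the firewall
    ("10.1.1.0/24", "connected"),
]

def acl_permits(acl, src, dst):
    """True if a 'permit ip host <src> host <dst>' entry matches the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(ipaddress.ip_address(a) == s and ipaddress.ip_address(b) == d
               for a, b in acl)

def longest_prefix_match(table, dst):
    """Normal routing: the most specific prefix containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None  # no route at all: only then is the packet dropped
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(src, dst):
    """Return (decision, next hop) for a packet entering the policy-routed interface."""
    if acl_permits(TWO_HOSTS, src, dst):
        # route-map TUNNEL permit 5 matched: override the routing table
        return ("policy", TUNNEL_NEXT_HOP)
    # No clause matched: fall through to ordinary destination-based routing
    return ("normal", longest_prefix_match(ROUTING_TABLE, dst))

if __name__ == "__main__":
    for src, dst in [("10.1.1.10", "203.0.113.50"),   # listed host -> tunnel
                     ("10.1.1.12", "203.0.113.50"),   # other host, same remote
                     ("10.1.1.10", "198.51.100.7")]:  # listed host, other remote
        print(src, "->", dst, forward(src, dst))
```

Running the same check against the real ACL entries before deployment shows which source and destination pairs will enter the tunnel and which will leave over the public path.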

thomuff Fri, 02/06/2009 - 06:49


Can you reply to this post one more time? Your post resolved my issue and I would like to give you credit.



Correct Answer
John Blakley Fri, 02/06/2009 - 07:45


I'm glad to hear it worked, and thank you for the rating. =)


