Routing two addresses to remote over tunnel and other address go public

Answered Question
Jan 29th, 2009

I have two IP addresses that need to communicate with a remote external IP address over an established LAN-to-LAN VPN tunnel. All other local machines would route to the remote external IP address over public connections. What is the best way to accomplish this? Thanks



Overall Rating: 4.5 (2 ratings)
John Blakley Thu, 01/29/2009 - 14:53

I would say a policy map would be the best way to go in this situation.

route-map TUNNEL permit 5

match ip address TWO-HOSTS

set ip next-hop

ip access-list extended TWO-HOSTS

permit ip host host

permit ip host host

int fa4 (public address where crypto map is)

ip policy route-map TUNNEL

I don't know if this will work, but it could be a good start
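An added example, not part of the original posts: a small Python model of how a router evaluates a route-map like TUNNEL. A packet permitted by the TWO-HOSTS ACL is sent to the policy next-hop, and a packet that matches no permit entry is not policy routed and follows the normal routing table. All addresses are constructed RFC 5737 documentation values, the next-hop roles (VPN concentrator, firewall default route) are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (RFC 5737 ranges); the thread's real addresses
# are not shown on the page.
REMOTE = "203.0.113.10"            # remote external IP address
TUNNEL_NEXT_HOP = "192.0.2.2"      # assumption: the VPN concentrator
TWO_HOSTS = [                      # ACL TWO-HOSTS: permit ip host <src> host <dst>
    ("192.0.2.11", REMOTE),
    ("192.0.2.12", REMOTE),
]
ROUTING_TABLE = [                  # (prefix, next hop) used for normal routing
    ("0.0.0.0/0", "192.0.2.1"),    # assumption: default route via the firewall
    ("192.0.2.0/24", "connected"),
]

def acl_permits(acl, src, dst):
    """Host-to-host permits only; everything else hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s == ipaddress.ip_address(a) and d == ipaddress.ip_address(b)
        for a, b in acl
    )

def normal_route(dst):
    """Longest-prefix match over the routing table."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in ROUTING_TABLE]
    hits = [(n, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda m: m[0].prefixlen)[1]

def forward(src, dst):
    """route-map TUNNEL permit 5: on an ACL match use the set next-hop;
    otherwise the packet is forwarded by the normal routing table."""
    if acl_permits(TWO_HOSTS, src, dst):
        return ("policy", TUNNEL_NEXT_HOP)
    return ("normal", normal_route(dst))

if __name__ == "__main__":
    # Constructed test packets: the two tunnel hosts, another LAN host,
    # and a tunnel host talking to a different destination.
    for src, dst in [("192.0.2.11", REMOTE), ("192.0.2.12", REMOTE),
                     ("192.0.2.50", REMOTE), ("192.0.2.11", "198.51.100.7")]:
        print(src, "->", dst, forward(src, dst))
```

Running the same check against the real ACL entries is a quick way to confirm that only the two intended hosts are steered into the tunnel.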



thomuff Fri, 01/30/2009 - 09:38

Here is a follow-up question:

What happens when tries to connect to

Is it discarded or routed normally?

Lan segment is is local router DG and ip address on int fa4

Firewall is

ip route

VPN Concentrator is

What would happen to traffic that doesn't match the policy route map? Would it be discarded or routed normally?

thomuff Fri, 02/06/2009 - 06:49


Can you reply to this post one more time? Your post resolved my issue and I would like to give you credit.



Correct Answer
John Blakley Fri, 02/06/2009 - 07:45


I'm glad to hear it worked, and thank you for the rating. =)


