Solved: Routing two addresses to remote over tunnel and other address go public

thomuff · ‎01-29-2009

I have two IP addresses that need to communicate to a remote external IP addresse over established lan to lan tunnel vpn tunnel. All other local machines would route to remote external Ip address over public connections. What is best way to accomplish? Thanks

John Blakley · ‎02-06-2009

Tom,

I'm glad to hear it worked, and thank you for the rating. =)

John

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎01-29-2009

I would say a policy map would be the best way to go in this situation.

route-map TUNNEL permit 5

match ip address TWO-HOSTS

set ip next-hop

access-lists TWO-HOSTS

permit ip host 192.168.1.1 host 172.17.2.2

permit ip host 192.168.1.2 host 172.17.2.2

int fa4 (public address where crypto map is)

ip policy route-map TUNNEL

I don't know if this will work, but it could be a good start

HTH,

John

HTH, John *** Please rate all useful posts ***

thomuff · ‎01-30-2009

Here is follow-up question:

What happens when 192.168.1.3 tries to connect to 172.17.2.2

Is it discarded or routed normally?

Lan segment is 192.168.1.0/24

192.168.1.1 is local router DG and ip address on int fa4

Firewall is 192.168.1.250

ip route 0.0.0.0 0.0.0.0 192.168.1.250

VPN Concentrator is 192.168.1.100

What would happen to traffic that doesn't match policy route map, would it discard or route normal.

thomuff · ‎02-06-2009

John,

Can you reply to this post one more time? Your post resolved my issue and I would like to give you credit.

Thanks

Tom

John Blakley · ‎02-06-2009

Tom,

I'm glad to hear it worked, and thank you for the rating. =)

John

HTH, John *** Please rate all useful posts ***