01-29-2009 02:37 PM - edited 03-04-2019 01:02 AM
I have two IP addresses that need to communicate with a remote external IP address over an established LAN-to-LAN VPN tunnel. All other local machines would route to the remote external IP address over public connections. What is the best way to accomplish this? Thanks
01-29-2009 02:53 PM
I would say a policy map would be the best way to go in this situation.
route-map TUNNEL permit 5
 match ip address TWO-HOSTS
 set ip next-hop
!
ip access-list extended TWO-HOSTS
 permit ip host 192.168.1.1 host 172.17.2.2
 permit ip host 192.168.1.2 host 172.17.2.2
!
! public address where crypto map is
int fa4
 ip policy route-map TUNNEL
I don't know if this will work, but it could be a good start.
HTH,
John
01-30-2009 09:38 AM
Here is a follow-up question:
What happens when 192.168.1.3 tries to connect to 172.17.2.2?
Is it discarded or routed normally?
Lan segment is 192.168.1.0/24
192.168.1.1 is local router DG and ip address on int fa4
Firewall is 192.168.1.250
ip route 0.0.0.0 0.0.0.0 192.168.1.250
VPN Concentrator is 192.168.1.100
What would happen to traffic that doesn't match the policy route map? Would it be discarded or routed normally?
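The follow-up above turns on how policy routing treats packets that no route-map clause matches: they are not dropped, they fall through to the normal destination-based routing table. A small model of that decision follows, as an added example that is not part of the original thread. The next hop 192.168.1.100 (the VPN concentrator) is an assumption, since the posted route-map leaves set ip next-hop without a value.

```python
import ipaddress

# ACL TWO-HOSTS as posted in the thread: (source host, destination host).
TWO_HOSTS = [("192.168.1.1", "172.17.2.2"), ("192.168.1.2", "172.17.2.2")]

# Assumption: next hop is the VPN concentrator; the posted config leaves it blank.
ROUTE_MAP = [{"seq": 5, "action": "permit", "acl": TWO_HOSTS,
              "next_hop": "192.168.1.100"}]

# Routing table from the follow-up post: connected LAN plus the static default.
ROUTES = [("192.168.1.0/24", "connected"), ("0.0.0.0/0", "192.168.1.250")]


def acl_permits(acl, src, dst):
    """Extended ACL with host entries; anything unlisted hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s == ipaddress.ip_address(a) and d == ipaddress.ip_address(b)
               for a, b in acl)


def table_lookup(dst):
    """Longest-prefix match over ROUTES; None means no route (packet dropped)."""
    d = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES
            if d in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(src, dst):
    """Return (decided_by, next_hop) for a packet arriving on the policy interface."""
    for clause in sorted(ROUTE_MAP, key=lambda c: c["seq"]):
        if acl_permits(clause["acl"], src, dst):
            if clause["action"] == "permit":
                return ("policy", clause["next_hop"])
            break  # a matching deny clause exempts the packet from policy routing
    # No clause matched: the packet is routed by destination as usual, not dropped.
    return ("routing-table", table_lookup(dst))


if __name__ == "__main__":
    for src in ("192.168.1.1", "192.168.1.2", "192.168.1.3"):
        print(src, "-> 172.17.2.2 via", forward(src, "172.17.2.2"))
```

On the router itself, show route-map TUNNEL reports the policy-routing match counters, which confirms that only the two listed hosts are hitting the clause.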
02-06-2009 06:49 AM
John,
Can you reply to this post one more time? Your post resolved my issue and I would like to give you credit.
Thanks
Tom
02-06-2009 07:45 AM
Tom,
I'm glad to hear it worked, and thank you for the rating. =)
John