DMVPN - remote site can access corporate LAN's but not internet

Unanswered Question
Sep 9th, 2009
User Badges:

Have an interesting one I may need some assistance on.

Have a remote branch site setup on VPN (using DMVPN configuration). The site can access the main headquarters networks just fine, but can't get internet access. I think it's because the VPN router (VPN hub) located at the headquarters has a default route to it's internet routers so it can get access to the internet. We are running EIGRP internally. When I trace from the branch router to say (common public DNS server) the trace dies at the headquarters VPN hub router. When I trace to from the VPN hub router at the headquarters it goes straight out hits the internet routers and is fine.

Thanks in advance for suggestions.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mbroberson1 Thu, 09/10/2009 - 04:47
User Badges:

Hi Laurent,

The setup is link this.

The branch had a fiber connection, but has a backup DSL where we are running DMVPN over as a backup link. Traffic favors of course the fiber, but if there's a cut traffic will go over the backup DSL VPN link.

The branch has a default-route over the fiber to in internal router ad headquarters. The headquarters internal router has a default-route to the internet routers. Internet works fine when your traffic goes over the fiber, but when you test and take the fiber down traffic goes over the backup DSL VPN link to a router that is directly connected to the internet (our VPN hub router). This VPN hub router has a default-route pointing to the internet and a routting table of all our internal sites. This VPN hub router is not our true internet router, it's just a router with a public ip for the sites with DMVPN as a backup.

Hope this helps,



This Discussion