DMVPN and Split Tunneling

Unanswered Question
Nov 20th, 2009

Hello, for a backup to one of my sites MPLS connection, I have an internet connection using a DMVPN spoke back to HQ. I would like to use this link for alternate corporate wide internet access also. I know if this was a client based VPN connection, I could create a split tunnel by applying an ACL to the crypto map for the private destination networks and that traffic would go over the tunnel, all else would go out over the internet connection. I am looking to do something similar for the DMVPN tunnel....any suggestions? Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
venom43212 Fri, 11/20/2009 - 10:28

Thanks Andrew, yeah I have a few ideas somewhere along those lines as well as some policy routing options. I was just wondering if there was a straight forward split tunnel parameter I might have overlooked. I'll be in the lab Monday doing some testing and will let you know how things work out.


kicharle Sun, 11/22/2009 - 20:40


DMVPN only encrypts the traffic that goes through the tunnel. If you want split tunneling, then you need to just have the routing protocols in the DMVPN hub or spokes to advertize the networks that needs to be encrypted. By doing this, routes will be installed through the tunnel interface and traffic that uses that route will be encrypted.

Traffic not going through the route through tunnel interface will be not be encrypted and hence you achieve split tunneling.

With regards



This Discussion

Related Content