RVS4000 forward web traffic

Unanswered Question
May 24th, 2010

We have a client with several disparate sites, currently running either very old Snap Gear routers or DD-WRT-flashed Linksys devices.


We have started moving them to RVS4000 hardware at their smaller sites.


I can't work out how to get the device to redirect port 80 + 443 traffic to the parent site via VPN.


They currently have (via the old devices) a connection to their local ISP via ADSL and a VPN connection to their parent site. The routers are configured to block some traffic, and send all web traffic to the parent site (for filtering, monitoring, logging etc).


How can we configure the RVS4000 to replicate that behaviour? (port blocking is fine using the P2P/IM pages) I can't work out how to just forward TCP/80 and TCP/443 out the VPN connection.


Cheers,

Troy

David Hornstein Mon, 05/24/2010 - 19:21

Hi Troy,


I think you are thinking too deeply regarding how the VPN decides how to send packets via the IPSec tunnel between RVS4000s.


Actually, it's a filter match in the VPN configuration.


If your outgoing packets meet the requirements of the filter match for local and remote locations, the packet will travel through the VPN. If not, it will go out the default route to the internet.


Maybe a look (sorry, an older config page) at the VPN configuration page could be more useful than talking about it. See attached screen print.


Regards, Dave

troy.kelly Mon, 05/24/2010 - 19:28

Cheers Dave,


I am just not sure where to set up that filter to trigger the traversal of the VPN, as opposed to just going the default route.


Where are the filters configured? As far as I can see - it just adds a route for the VPN, and that's that.


Troy

troy.kelly Fri, 05/28/2010 - 18:32

Anyone?


I can't work out why you would be able to bring up multiple VPNs if you can't build rules (port based) for sending traffic over them?


Surely there are other people out there who want to be able to automatically redirect SMTP, HTTP etc to a specific server?

Steven DiStefano Sat, 05/29/2010 - 05:48

Hi,

Just reading your post but not near an RVS4000 at this time. I know when we set up Small Business Routers for IPSec VPN, we specify a local subnet and a remote subnet, per tunnel. So if each site has a unique local subnet (192.168.10.0/24, 192.168.20.0/24, etc.), then when you build the tunnel between the two sites, you will specify these networks.


So any client in site A who wants to query the web server or print server, whatever, of site B uses that other site's private NAT subnet address, and the tunnel routes it there.


I once set up a branch site that had internet access, but it was desired behavior to route ALL client traffic originating from the branch, via the main campus before hitting the internet (for logging as you said).

I wrote that one down here: https://supportforums.cisco.com/docs/DOC-10261


Not sure if this helps, but wanted to try.


Steve D

US Partner Sales Team
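
The selector behaviour described in the replies above, as an added example that is not part of any post and is not RVS4000 code: it models a tunnel as a local/remote subnet pair and reports which web flows from a branch would leave via the local ISP instead of the parent site. The tunnel names, helper functions, sample flows, the "most specific remote subnet wins" tie-break and the `0.0.0.0/0` remote selector are assumptions made for illustration, not confirmed RVS4000 settings.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str                      # hypothetical label, not an RVS4000 field
    local: ipaddress.IPv4Network   # "local subnet" selector
    remote: ipaddress.IPv4Network  # "remote subnet" selector

def make_tunnel(name, local, remote):
    return Tunnel(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))

def egress_path(src, dst, dport, tunnels):
    """Name of the tunnel whose selectors match the packet, else 'default-route'.

    dport is deliberately ignored: the selectors are subnet pairs with no port field.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [t for t in tunnels if s in t.local and d in t.remote]
    if not matches:
        return "default-route"
    # Modelling choice for this example: the most specific remote selector wins.
    return max(matches, key=lambda t: t.remote.prefixlen).name

def unfiltered_web(flows, tunnels):
    """TCP/80 and TCP/443 flows that leave via the local ISP, bypassing the parent site."""
    return [f for f in flows
            if f[2] in (80, 443) and egress_path(*f, tunnels) == "default-route"]

# Subnets as in the thread; tunnel names are made up.
SITE_TO_SITE = [make_tunnel("to-parent", "192.168.20.0/24", "192.168.10.0/24")]
# Assumption: remote selector widened to 0.0.0.0/0 to cover every destination.
ALL_TRAFFIC = [make_tunnel("to-parent-all", "192.168.20.0/24", "0.0.0.0/0")]

# Constructed sample flows (src, dst, dst port); public IPs are documentation ranges.
FLOWS = [
    ("192.168.20.15", "192.168.10.5", 80),
    ("192.168.20.15", "203.0.113.10", 80),
    ("192.168.20.15", "198.51.100.25", 443),
    ("192.168.20.15", "203.0.113.10", 25),
]

if __name__ == "__main__":
    for label, tunnels in (("site-to-site", SITE_TO_SITE), ("all-traffic", ALL_TRAFFIC)):
        for f in FLOWS:
            print(label, f, "->", egress_path(*f, tunnels))
        print(label, "web flows bypassing the parent:", unfiltered_web(FLOWS, tunnels))
```

With subnet-pair selectors only, the two public web flows fall through to the default route; the widened selector carries them to the parent site, along with the SMTP flow, because nothing in the match looks at the port.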
