Remote access VPN, NAT and PBR

Unanswered Question
Jul 8th, 2010

Hi

On the router there is PBR configured because of multihoming. Now when remote users connect via VPN they connect fine but are not able to access any resources due to the fact that the traffic is PBR to one ISP but not to the other (internet only traffic). This PBR needs to remain in place. Is there a way to exclude VPN users from the PBR?


Thanks


Koen

Federico Coto F... Thu, 07/08/2010 - 06:28

Hi,


The VPN users should have their own pool of IP addresses assigned when they connect via VPN.

In this way using ACLs, you can exclude the VPN subnet from PBR.


Federico.

kpintens Thu, 07/08/2010 - 06:33

They are in their own pool, and I tried denying that in the ACL for PBR, but still no joy.

Federico Coto F... Thu, 07/08/2010 - 06:40

So what happens to the VPN clients when they connect?

They are routed out to some ISP instead of being able to access the inside network?


What does the PBR look like?


Federico.

kpintens Thu, 07/08/2010 - 06:49

Users connect fine when coming from both ISPs, but when a remote user connects it can come from anywhere. Access to the resources works if coming from ISP 1 but not from the other one (and this should be ISP x because this should be any ISP worldwide).

PBR is set to route traffic from certain servers via ISP 1; ISP 2 is used for internet access.

zeuscyril Sun, 03/11/2012 - 00:17

Hi Federico,


Is this scenario possible or not?


If it is possible, guide me. At least tell me the status (possible or not possible), because I have been trying for more than a week for this type of solution.


Thanks

Cyril

jeffrey-hughes Wed, 01/19/2011 - 14:01

Does anyone have a solution for this? I am running into a similar situation. I have a 2911 with 2 ISPs. ISP1 is for internet traffic only, ISP2 is for remote locations connected via tunnels. When I connect via Remote VPN, I connect, but cannot access ANY resource.


Remote VPN has unique network, 172.27.0.0/24

172.27.0.0/24 is excluded from PBR ACLs

Remote VPN is setup on ISP2 - Same as the VPN Tunnels.


Any help would be appreciated.
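
An added example, not posted by anyone in this thread and not the configuration of any router discussed here: one way to write the ACL exclusion Federico describes, using the 172.27.0.0/24 pool from the post above. The server address, ISP next hop, interface and the ACL and route-map names are constructed assumptions, and it assumes the policy is applied inbound on the inside interface, where replies to VPN clients carry the pool as destination rather than source.

```cisco
! Constructed values (assumptions): server 10.10.0.10, ISP1 next hop 192.0.2.1,
! inside interface GigabitEthernet0/1. VPN pool 172.27.0.0/24 is from the post above.

! Exclusion written on the SOURCE only. On the inside interface this entry
! never matches: replies from the server to a VPN client have the server as
! source and the pool as destination, so they hit the permit line and are
! still policy-routed to the ISP1 next hop.
ip access-list extended PBR-SRC-ONLY
 deny   ip 172.27.0.0 0.0.0.255 any
 permit ip host 10.10.0.10 any

! Exclusion written on the DESTINATION. Server replies to the pool are denied
! by the ACL, so the route-map clause does not match them and they follow the
! normal routing table back toward the VPN client.
ip access-list extended PBR-SERVERS
 deny   ip any 172.27.0.0 0.0.0.255
 permit ip host 10.10.0.10 any

route-map PBR-ISP1 permit 10
 match ip address PBR-SERVERS
 set ip next-hop 192.0.2.1

interface GigabitEthernet0/1
 ip policy route-map PBR-ISP1

! Checks while a VPN client pings the server:
!   show ip policy                  (which route-map is bound to which interface)
!   show route-map PBR-ISP1         (policy-routing match counters)
!   show access-lists PBR-SERVERS   (the deny line should count the replies)
```

If the deny line's hit counter stays at zero while a VPN client is sending traffic to the server, the replies are not being excluded by this ACL.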

zeuscyril Tue, 03/06/2012 - 06:35

Hi all,


I am facing the same issue. Has anybody got a solution for this?


Or is it not possible at all?



Thanks

Cyril