Tunnel All traffic through VPN

Oct 20th, 2014
Hi,

I am using a Cisco AWS router with version 15.4. I have set up a Remote access VPN and it's working fine with split tunneling, but if I set up a VPN to tunnel all the traffic (including Internet) it's not working, meaning I am not able to access the Internet.

Internal Network - 10.0.1.0 0.0.0.255

VPN Pool - 192.168.10.2 - 192.168.10.10

External interface - GigabitEthernet1

Inside Interface - GigabitEthernet2

crypto isakmp policy 12
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group awcvpn
 key Cisco123
 pool vpnpool
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map awpmap client authentication list vpnauthn
crypto map awpmap isakmp authorization list vpnauthr
crypto map awpmap client configuration address respond
crypto map awpmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface VirtualPortGroup0
 ip unnumbered GigabitEthernet1
!
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VPN-Client
 negotiation auto
 crypto map awpmap
!
interface GigabitEthernet2
 ip address 10.0.1.105 255.255.255.0
 ip nat inside
 negotiation auto
!
!
virtual-service csr_mgmt
!
ip local pool vpnpool 192.168.10.2 192.168.10.10
ip nat inside source list 111 interface GigabitEthernet1 overload
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
access-list 111 deny   ip 10.0.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 permit ip 10.0.1.0 0.0.0.255 any
access-list 111 deny   ip 192.168.10.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 111 permit ip 192.168.10.0 0.0.0.255 any
access-list 144 permit ip 192.168.10.0 0.0.0.255 any
!
route-map VPN-Client permit 10
 match ip address 144
 set ip next-hop 10.11.0.2

Marius Gunnerud Thu, 10/30/2014 - 03:02
What is IP 10.11.0.2 assigned to?

Without knowing the actual circumstances I would suggest first removing the route-map from the Gig1 interface, or at least making ACL 144 more specific than having any as the destination.

--

Please remember to select a correct answer and rate helpful posts

Marius Gunnerud Thu, 10/30/2014 - 04:22
Is this your full configuration or have you left some config out?

If this is your whole config then you need to add a default route:

ip route 0.0.0.0 0.0.0.0 dhcp

Try adding that and then test. Let us know how it goes.

--

Please remember to select a correct answer and rate helpful posts
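As an added example (not code from the thread), a short Python check that parses the configuration excerpt from the question and reports the three items raised in the replies above: whether anything in the excerpt owns the PBR next-hop 10.11.0.2, whether the `any` destination in ACL 144 also matches the 10.0.1.0/24 LAN, and whether a static default route appears in the excerpt. The config text is a reconstructed excerpt of the posted configuration; the internal network is taken from the question.

```python
import ipaddress, re

# Constructed excerpt of the configuration posted in the question above.
IOS_CONFIG = """\
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
interface GigabitEthernet2
 ip address 10.0.1.105 255.255.255.0
access-list 144 permit ip 192.168.10.0 0.0.0.255 any
route-map VPN-Client permit 10
 match ip address 144
 set ip next-hop 10.11.0.2
"""

def acl_net(tokens):
    """IOS ACL address tokens ('any' or 'addr wildcard') -> ip_network."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    mask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(tokens[1])))
    return ipaddress.ip_network(f"{tokens[0]}/{mask}", strict=False)

def iface_addrs(cfg):
    """Interface name -> ip_interface for statically addressed interfaces."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = m.group(1)
        elif m := re.match(r" ip address (\S+) (\d+\.\d+\.\d+\.\d+)$", line):
            out[cur] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return out

def check_tunnel_all(cfg, internal_net="10.0.1.0/24"):
    """Return findings for the three points raised in the replies."""
    internal, addrs, findings = ipaddress.ip_network(internal_net), iface_addrs(cfg), []
    # 1. Is the PBR next-hop address owned by an interface in this excerpt?
    for nh in sorted(set(re.findall(r"set ip next-hop (\S+)", cfg))):
        nh_ip = ipaddress.ip_address(nh)
        if not any(i.ip == nh_ip for i in addrs.values()):
            link = [n for n, i in addrs.items() if nh_ip in i.network]
            where = f" (on-link via {link[0]})" if link else ""
            findings.append(f"next-hop {nh} is not assigned to any interface here{where}")
    # 2. Does the ACL the route-map matches also catch internal-LAN traffic?
    for acl in sorted(set(re.findall(r"^ match ip address (\d+)", cfg, re.M))):
        for line in cfg.splitlines():
            if line.startswith(f"access-list {acl} permit ip "):
                toks = line.split()[4:]
                dst = acl_net(toks[1 if toks[0] == "any" else 2:])
                if dst.overlaps(internal):
                    findings.append(f"ACL {acl} destination {dst} also matches internal {internal}")
    # 3. Is a static default route present in the excerpt?
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ", cfg, re.M):
        findings.append("no static default route in this excerpt")
    return findings
```

Running `check_tunnel_all(IOS_CONFIG)` against the posted excerpt returns all three findings; a tighter ACL 144 destination or the suggested `ip route 0.0.0.0 0.0.0.0 dhcp` line removes the corresponding one.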

shekharmore003 Fri, 10/31/2014 - 03:57
It's a virtual router in the Amazon cloud and the default route is already present:

Gateway of last resort is 10.0.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 10.0.0.1
