Cisco Support Community

Routing all traffic inside ipsec tunnel

Hi all,

We have a scenario where a Cisco router 857 in a branch office is connected via IPsec to a 3rd party device in the main site. The 3rd party device is doing web filtering.

At the moment only private traffic is routed inside the VPN.

We would also like to route the branch office web traffic through the tunnel.

Does anyone know how to achieve this type of configuration?

The 857 config is attached.

Thanks in advance.

Sergio


Re: Routing all traffic inside ipsec tunnel

Sergio

Have you tried changing the crypto map acl 151 to

access-list 151 permit ip 192.168.69.0 0.0.0.255 any

Try it and see what happens. From memory it should work but you need to test. Be aware that the 3rd party device crypto map ACL will also need updating.

Note I'm assuming that the private traffic + the web traffic is all the branch traffic. If it isn't, then you will need to modify ACL 151 to capture only what you want.

Jon


Re: Routing all traffic inside ipsec tunnel

Jon,

I've tried your solution already, but traffic keeps getting NAT-ed, exiting by loopback0, I think because it matches access-list 101

access-list 101 deny ip 192.168.69.0 0.0.0.255 192.168.62.0 0.0.0.255

access-list 101 permit ip 192.168.69.0 0.0.0.255 any

I've also tried

access-list 101 deny ip 192.168.69.0 0.0.0.255 any

and

access-list 151 permit ip 192.168.69.0 0.0.0.255 any

together but no luck. IPsec traffic still works but I can't browse the web (on the remote site I accept all from 192.168.69.X).

Do I also have to change the default route in this last case?

Thanks,

Sergio.
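
An added example (not part of the thread or of the attached config): a small Python model of how the two ACLs quoted above interact for an outbound packet. It assumes NAT is driven by access-list 101, the crypto map by access-list 151, and that the router applies inside-to-outside NAT before the crypto map check; the host, web server, main-site and NAT addresses are constructed.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (addr, wild), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        entries.append((tok[2] == "permit", src, dst))
    return entries

def _hit(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def permits(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for permit, s, d in acl:
        if _hit(s, src) and _hit(d, dst):
            return permit
    return False

def outbound_path(nat_acl, crypto_acl, src, dst, nat_ip):
    """Model assumption: NAT runs first, crypto ACL sees the translated source."""
    translated = permits(nat_acl, src, dst)
    if translated:
        src = nat_ip
    return ("nat+" if translated else "") + ("tunnel" if permits(crypto_acl, src, dst) else "clear")

# ACL lines as quoted in the thread
NAT_ORIG = parse_acl("""access-list 101 deny ip 192.168.69.0 0.0.0.255 192.168.62.0 0.0.0.255
access-list 101 permit ip 192.168.69.0 0.0.0.255 any""")
NAT_TRY2 = parse_acl("access-list 101 deny ip 192.168.69.0 0.0.0.255 any")
CRYPTO_ANY = parse_acl("access-list 151 permit ip 192.168.69.0 0.0.0.255 any")
# Constructed sample addresses: branch host, web server, main-site host, NAT address
HOST, WEB, HQ, NAT_IP = "192.168.69.10", "203.0.113.80", "192.168.62.5", "198.51.100.1"
```

With access-list 101 unchanged, the model translates web traffic first, so its source no longer matches access-list 151 and it leaves outside the tunnel. With access-list 101 denying all branch traffic, the model selects web traffic for the tunnel, so what remains to check lies outside these two ACLs, such as the 3rd party device's crypto map ACL that Jon mentions.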
