Routing all traffic inside ipsec tunnel

cocser31183
Level 1

Hi all,

We have a scenario where a Cisco router 857 in a branch office is connected via IPsec to a 3rd party device in the main site. The 3rd party device is doing web filtering.

By now only private traffic is routed inside vpn.

We would also like to route the branch office web traffic through the tunnel.

Does anyone know how to achieve this type of configuration?

The 857 config is attached.

Thanks in advance.

Sergio

2 Replies

Jon Marshall
Hall of Fame

Sergio

Have you tried changing the crypto map acl 151 to

access-list 151 permit ip 192.168.69.0 0.0.0.255 any

Try it and see what happens. From memory it should work but you need to test. Be aware that the 3rd party device crypto map acl will also need updating.

Note I'm assuming that the private traffic + the web traffic is all the branch traffic. If it isn't then you will need to modify acl 151 to capture only what you want.

Jon

Jon,

I've already tried your solution, but traffic keeps getting NAT-ed, exiting by loopback0. I think it's because it matches access-list 101

access-list 101 deny ip 192.168.69.0 0.0.0.255 192.168.62.0 0.0.0.255

access-list 101 permit ip 192.168.69.0 0.0.0.255 any

I've also tried

access-list 101 deny ip 192.168.69.0 0.0.0.255 any

and

access-list 151 permit ip 192.168.69.0 0.0.0.255 any

together but no luck. IPsec traffic still works but I can't browse the web (on the remote site I accept all from 192.168.69.X).

Do I also have to change the default route in this last case?

Thanks,

Sergio.
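
Added example (not part of the thread and not the router's actual configuration): a small first-match evaluator run over the ACL lines quoted above, showing which branch traffic the router would select for the tunnel. It assumes ACL 101 is the NAT ACL, as the reply above suggests, and relies on IOS evaluating inside-to-outside NAT before the crypto map ACL; the host, web and NAT addresses are constructed placeholders.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec ('any' or 'ADDR WILDCARD'); return ((base, wild), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        rules.append((tok[2], src, dst))
    return rules

def _hit(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def acl_permits(rules, src, dst):
    for action, s, d in rules:  # first matching line wins
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def outbound_path(nat_acl, crypto_acl, src, dst, nat_ip="198.51.100.1"):
    """Inside-to-outside on IOS: NAT is evaluated before the crypto map ACL.
    nat_ip is a constructed placeholder for the router's public address."""
    translated = acl_permits(nat_acl, src, dst)
    seen_src = nat_ip if translated else src  # crypto ACL sees the post-NAT source
    if acl_permits(crypto_acl, seen_src, dst):
        return "tunnel"
    return "nat, outside tunnel" if translated else "clear, outside tunnel"

# ACL lines as quoted in the thread; ACL 101 is assumed to be the NAT ACL.
NAT_101_ORIGINAL = parse_acl("""
access-list 101 deny ip 192.168.69.0 0.0.0.255 192.168.62.0 0.0.0.255
access-list 101 permit ip 192.168.69.0 0.0.0.255 any
""")
NAT_101_DENY_ANY = parse_acl("access-list 101 deny ip 192.168.69.0 0.0.0.255 any")
CRYPTO_151_ANY = parse_acl("access-list 151 permit ip 192.168.69.0 0.0.0.255 any")

if __name__ == "__main__":
    host, web = "192.168.69.10", "203.0.113.80"  # constructed sample addresses
    for name, nat in (("original 101", NAT_101_ORIGINAL), ("deny-any 101", NAT_101_DENY_ANY)):
        print(name, "->", outbound_path(nat, CRYPTO_151_ANY, host, web))
```

A "tunnel" result only describes the branch router's own selection; the peer's crypto ACL has to mirror it, as noted in the first reply.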
