New Member

Bypass the VPN for certain subnet

Hey,

I have 2 x Pix 501 routers with an IPSEC VPN running between them. The Pixs connect to each other via a couple of Aironet 1200s set up as bridges. It looks a bit like this:

Pix1 -- Aironet1 -- Aironet2 -- Pix2

We have an ADSL router plugged in to Pix2 for Internet access as well.

On Pix2 I have the following rules:

access-list inside_outbound_nat0_acl permit ip any any

access-list outside_cryptomap_20 permit ip any 192.168.1.0 255.255.255.0

What I want to be able to do is bypass the VPN for traffic in the 172.16.100.0 subnet so I can manage the Aironets. Otherwise I have to unplug the Pix and plug a laptop in to the Aironets to configure them.

Does anyone know how to do that?

Thanks

David Kirk

2 REPLIES
New Member

Re: Bypass the VPN for certain subnet

Hi,

Just exclude your Aironet network range from the IPSec tunnel access list configuration. It will help. (Then enable SSH on the Aironet devices in order to keep communication secure.) There is one prerequisite - routing for the network you use for managing the APs has to be set up correctly.

Cheers
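
Added example, not part of the original thread and not Cisco code: a small first-match model of a crypto access list, showing which traffic is selected for the tunnel before and after the management subnet is excluded. Assumptions: a single crypto map entry, a mirrored ACL on Pix1 (hypothetical name `pix1_cryptomap`, not shown in the thread), a `deny` entry as the exclusion mechanism, and constructed host addresses.

```python
import ipaddress

def _net(tokens):
    """Consume one PIX address spec ('any', 'host A' or 'A MASK') from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse 'access-list NAME permit|deny ip SRC DST' lines, preserving order."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, rest = tokens[2], tokens[4:]
        src, dst = _net(rest), _net(rest)
        if action not in ("permit", "deny") or rest:
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((action, src, dst))
    return entries

def is_encrypted(acl, src, dst):
    """First matching entry wins; no match means the packet is not tunnelled."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False

# Crypto ACL exactly as posted for Pix2.
PIX2 = parse_acl(
    "access-list outside_cryptomap_20 permit ip any 192.168.1.0 255.255.255.0")
# Assumed mirror on Pix1: everything from 192.168.1.0/24 goes into the tunnel.
PIX1 = parse_acl(
    "access-list pix1_cryptomap permit ip 192.168.1.0 255.255.255.0 any")
# Same ACL with the management subnet excluded ahead of the permit entry.
PIX1_FIXED = parse_acl("""
access-list pix1_cryptomap deny ip any 172.16.100.0 255.255.255.0
access-list pix1_cryptomap permit ip 192.168.1.0 255.255.255.0 any
""")
# Wrong order: the permit matches first, so the exclusion never takes effect.
PIX1_WRONG_ORDER = list(reversed(PIX1_FIXED))

if __name__ == "__main__":
    for name, acl in [("PIX1", PIX1), ("PIX1_FIXED", PIX1_FIXED)]:
        print(name, is_encrypted(acl, "192.168.1.10", "172.16.100.2"))
```

Entry order matters in this model: the exclusion only works when the `deny` entry is evaluated before the broader `permit`.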

New Member

Re: Bypass the VPN for certain subnet

Hey,

That's exactly what I need to do. I just don't know how to do it. I didn't set this VPN up, and I'm no expert in this area.

The routing should be ok because the outside interfaces of the Pixs and the Aironets are all in the same subnet (172.16.100.0/24).

Thanks

David Kirk
