
Bypass the VPN for certain subnet

david-kirk
Level 1

Hey,

I have 2 x Pix 501 routers with an IPSEC VPN running between them. The Pixs connect to each other via a couple of Aironet 1200s set up as bridges. It looks a bit like this:

Pix1 -- Aironet1 -- Aironet2 -- Pix2

We have an ADSL router plugged in to Pix2 for Internet access as well.

On Pix2 I have the following rules:

access-list inside_outbound_nat0_acl permit ip any any

access-list outside_cryptomap_20 permit ip any 192.168.1.0 255.255.255.0

What I want to be able to do is bypass the VPN for traffic in the 172.16.100.0 subnet so I can manage the Aironets. Otherwise I have to unplug the Pix and plug a laptop in to the Aironets to configure them.

Does anyone know how to do that?

Thanks

David Kirk

2 Replies

tomaslada
Level 1

Hi,

Just exclude your Aironet network range from the IPSec tunnel access list configuration. It will help. (Then enable SSH on the Aironet devices in order to keep communication secure.) There is one prerequisite - routing for the network you use for managing the APs has to be set up correctly.

Cheers

Hey,

That's exactly what I need to do. I just don't know how to do it. I didn't set this VPN up, and I'm no expert in this area.

The routing should be ok because the outside interfaces of the Pixs and the Aironets are all in the same subnet (172.16.100.0/24).

Thanks

David Kirk
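
The exclusion suggested in the reply above can be checked with a small model of how a crypto access list is evaluated: the first matching entry wins, permit means the packet is protected by the tunnel, and deny or no match means it is sent in the clear. This is an added example, not part of the original thread. The Pix1 access list (a mirror of the Pix2 entry), the `exclude` helper and the host addresses are assumptions, since the thread shows only Pix2's entries.

```python
"""Added illustration: first-match evaluation of a PIX-style crypto ACL."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
MGMT = ip_network("172.16.100.0/24")    # Aironet / outside subnet from the thread
REMOTE = ip_network("192.168.1.0/24")   # destination in outside_cryptomap_20

# Pix2's crypto ACL as posted: (action, source, destination)
PIX2_ACL = [("permit", ANY, REMOTE)]

# ASSUMPTION: Pix1 uses the mirror image; its config is not shown in the thread.
PIX1_ACL_ASSUMED = [("permit", REMOTE, ANY)]


def exclude(acl, subnet):
    """Hypothetical helper: put deny entries for subnet ahead of every permit."""
    return [("deny", ANY, subnet), ("deny", subnet, ANY)] + list(acl)


def is_encrypted(acl, src, dst):
    """Return True if the first matching entry is a permit (packet enters the tunnel)."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False  # implicit deny: packet bypasses the tunnel


def audit(acl, flows):
    """Map each (src, dst) flow to whether the ACL would encrypt it."""
    return {flow: is_encrypted(acl, *flow) for flow in flows}


if __name__ == "__main__":
    # Constructed sample flows: a Pix1-side host managing an Aironet, and the
    # same host talking to a made-up host behind Pix2 (10.0.0.5).
    flows = [("192.168.1.10", "172.16.100.2"), ("192.168.1.10", "10.0.0.5")]
    misordered = PIX1_ACL_ASSUMED + [("deny", ANY, MGMT)]  # deny after permit
    for name, acl in [("assumed Pix1 ACL", PIX1_ACL_ASSUMED),
                      ("deny appended last", misordered),
                      ("deny placed first", exclude(PIX1_ACL_ASSUMED, MGMT))]:
        print(name, audit(acl, flows))
```

In this model the deny entry only takes effect when it precedes the broad permit, and the exclusion has to be present on whichever peer's access list actually matches the management traffic.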