Cisco Support Community

New Member

lan to lan VPN tunnel, Internet access

I could not find anything on this:

I have a hub and spoke configuration and want the spoke to use its own DSL for Internet access.

My understanding is that the NAT and crypto access lists will only allow the secure traffic originating from the LAN interface on the spoke router, to go through the VPN tunnel.

Shouldn't everything else go out the WAN interface to the Internet?

This is not working for me.

What should I be looking for?

1 REPLY
Cisco Employee

Re: lan to lan VPN tunnel, Internet access

That should work, if you have correct NAT rules defined.

Make sure that only VPN traffic is exempted from NAT.

E.g., the local n/w is 10.0.0.0/8 and the remote n/w is 192.168.1.0/24.

You should have a NAT rule something like this:

access-list 102 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

access-list 102 permit ip 10.0.0.0 0.255.255.255 any

ip nat inside source list 102 interface <outside-interface> overload

This way only "denied" traffic will be exempted from NAT.

You might wanna look at the doc:

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

It's a similar example using a route-map.

*Please rate if helped.

-Kanishka
