VPN router needs split tunnel

We have a router doing NAT and VPN to a remote through the internet.

A PC can VPN without NAT (LAN-to-LAN), but how can it redirect traffic to the internet when the IP is not NATing?

The router has a default route to the internet.

The VPN works fine, and internet connections seem to work once in a while and then get locked out.

Any idea?


Re: VPN router needs split tunnel

You need to create a route-map to define which traffic should use NAT. Here's an example below.

First you need to create an access-list that defines how you want traffic NAT'ed. The example below assumes that is the local network and is the other side of the VPN tunnel:

access-list 130 deny ip

access-list 130 permit ip any

Next, create a route-map called nonat that uses this access-list:

route-map nonat permit 10

match ip address 130

The final piece is to use this route-map as the source for your NAT statement like this:

ip nat inside source route-map nonat interface Serial0/0 overload

By doing this, all traffic coming from hosts on the network will NOT be NAT'ed if the destination is the other side of the tunnel ( All other traffic will be NAT'ed out the serial interface.

Hope this helps,

Cody Rowland
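
An added example (not part of the original reply): a small Python model of how access-list 130 and the nonat route-map decide which flows get NAT'ed, including what happens if the two ACL entries are entered in the wrong order. The networks 192.168.1.0/24 (local LAN) and 192.168.2.0/24 (far side of the tunnel) are constructed placeholders because the post's addresses are missing, the source on the permit line is assumed to be the local LAN, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder networks (assumptions, not from the post):
# 192.168.1.0/24 = local LAN, 192.168.2.0/24 = far side of the VPN tunnel.
# Each entry: (action, src base, src wildcard, dst base, dst wildcard)
ACL_130 = [
    ("deny",   "192.168.1.0", "0.0.0.255", "192.168.2.0", "0.0.0.255"),
    ("permit", "192.168.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),  # dst "any"
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"

def is_natted(acl, src, dst):
    """Models 'route-map nonat permit 10 / match ip address 130':
    only traffic the ACL permits is handed to the NAT overload rule."""
    return acl_action(acl, src, dst) == "permit"

if __name__ == "__main__":
    flows = [
        ("192.168.1.10", "192.168.2.20"),  # LAN host to tunnel peer network
        ("192.168.1.10", "198.51.100.7"),  # LAN host to an internet address
    ]
    for src, dst in flows:
        print(src, "->", dst, "NAT" if is_natted(ACL_130, src, dst) else "no NAT")
    # Entries reversed: the broad permit matches first, so tunnel traffic
    # is NAT'ed as well and the deny line is never reached.
    wrong_order = list(reversed(ACL_130))
    print("reversed ACL NATs tunnel traffic:",
          is_natted(wrong_order, "192.168.1.10", "192.168.2.20"))
```
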
