
VPN router needs split tunnel

We have a router doing NAT and VPN to a remote site through the internet.

PCs can VPN without NAT (LAN-to-LAN), but how can it redirect traffic to the internet when the IP is not NATed?

The router has a default route to the internet.

The VPN works fine, and internet connections seem to work once in a while and then get locked out.

Any idea?

Thanks

1 REPLY
New Member

Re: VPN router needs split tunnel

You need to create a route-map to define which traffic should use NAT. Here's an example below.

First you need to create an access-list that defines how you want traffic NAT'ed. The example below assumes that 10.1.1.0/24 is the local network and 10.2.2.0/24 is the other side of the VPN tunnel:

access-list 130 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 130 permit ip 10.1.1.0 0.0.0.255 any

Next, create a route-map called nonat that uses this access-list:

route-map nonat permit 10
 match ip address 130

The final piece is to use this route-map as the source for your NAT statement like this:

ip nat inside source route-map nonat interface Serial0/0 overload

By doing this, all traffic coming from hosts on the 10.1.1.0/24 network will NOT be NAT'ed if the destination is the other side of the tunnel (10.2.2.0/24). All other traffic will be NAT'ed out the serial interface.

Hope this helps,

Cody Rowland

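To see exactly which flows the reply's NAT exemption catches, here is an added example (not from the original post) that models how IOS evaluates access-list 130 for the route-map: wildcard-mask matching, first-match-wins, and the implicit deny at the end. The ACL entries mirror the reply; the sample addresses are constructed.

```python
import ipaddress

# Added example, not from the original post. Models IOS evaluation of
# access-list 130 as used by "route-map nonat"; sample flows are constructed.

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard masks: a 1 bit means 'don't care', a 0 bit must match."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ b) & ~w) == 0

# access-list 130 from the reply as (action, src, src_wc, dst, dst_wc).
# The keyword "any" is shorthand for 0.0.0.0 255.255.255.255.
ACL_130 = [
    ("deny",   "10.1.1.0", "0.0.0.255", "10.2.2.0", "0.0.0.255"),
    ("permit", "10.1.1.0", "0.0.0.255", "0.0.0.0",  "255.255.255.255"),
]

def acl_action(acl, src: str, dst: str) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, s, s_wc, d, d_wc in acl:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"

def should_nat(src: str, dst: str) -> bool:
    """Only traffic the route-map's ACL *permits* is translated by
    'ip nat inside source route-map nonat ...'; denied traffic goes
    untranslated into the tunnel (or, for unlisted sources, is simply not NATed)."""
    return acl_action(ACL_130, src, dst) == "permit"

def classify(flows):
    """Return {(src, dst): 'NAT' | 'no NAT'} for a list of constructed flows."""
    return {(s, d): ("NAT" if should_nat(s, d) else "no NAT") for s, d in flows}

if __name__ == "__main__":
    sample = [("10.1.1.5", "8.8.8.8"),      # LAN host to internet -> NAT
              ("10.1.1.5", "10.2.2.7"),     # LAN host to tunnel peer -> no NAT
              ("192.168.9.9", "8.8.8.8")]   # source not in ACL -> implicit deny
    for flow, verdict in classify(sample).items():
        print(flow, verdict)
```

The third flow is the one people forget: a host outside 10.1.1.0/24 (say a second LAN added later) hits the implicit deny and is never translated, which looks exactly like "internet works once in a while" until the ACL is extended.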