Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
274
Views
0
Helpful
1
Replies

VPN router needs split tunnel

ewei
Level 1
Level 1

‎08-29-2003 03:20 AM - edited ‎02-21-2020 12:44 PM

we have a router doing nat and vpn to remote through internet.

PC can vpn without nat (lan-lan), but, how it can re-direct traffic to internet when ip is not nating ?

the router has a default route to internet.

The VPN works fine and internet connections seem to be working once a while and will be locked out.

any idea ?

thanks

Labels:
0 Helpful
1 Reply 1

cody.rowland
Level 1
Level 1

‎09-04-2003 04:36 AM

You need to create a route-map to define which traffic should use NAT. Here's an example below.

First you need to create an access-list that defines how you want traffic NAT'ed. The example below assumes that 10.1.1.0/24 is the local network and 10.2.2.0/24 is the otherside of the VPN tunnel:

access-list 130 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

access-list 130 permit ip 10.1.1.0 0.0.0.255 any

Next, create a route-map called nonat that uses this access-list:

route-map nonat permit 10

match ip address 130

The final piece is to use this route-map as the source for your NAT statement like this:

ip nat inside source route-map nonat interface Serial0/0 overload

By doing this, all traffic coming from hosts on the 10.1.1.0/24 network will NOT be NAT'ed if the destination is the other side of the tunnel (10.2.2.0/24). All other traffic will be NAT'ed out the serial interface.

Hope this helps,

Cody Rowland

0 Helpful
Customers Also Viewed These Support Documents