03-05-2014 03:07 AM
Hi,
I have a theory question I was hoping someone could shed some light on...
I am currently playing around with remote access using an 871 router and the Cisco VPN client.
I have it working perfectly for a full tunnel (everything is encrypted and sent over the VPN) and also a split tunnel (where traffic for the main office is sent over the VPN and everything else goes out locally). But I've come across a new scenario which has thrown me.
In the above two scenarios I specify what traffic goes through the VPN tunnel, for example for the split tunnel ACL I specify the address ranges for the local LAN and this traffic passes through the VPN tunnel, the rest then goes out locally. However my question is now: Is there a way to specify which traffic should not go through the VPN tunnel? I.e. I want traffic for one network (10.0.0.0/8 for example) to go out locally and all other traffic go back over the tunnel. The scenario is there are some local resources I want clients in the branch to be able to access and all other traffic goes back to the central site. (By the way, I appreciate there is a better way to do this with a site-to-site VPN tunnel between the branch router and the HQ router but in this case I want to do it using VPN clients on laptops at the branch site).
I assumed I could create an ACL which just denied certain traffic and permitted the rest but I've tried this and it doesn't seem to work.
I don't need anyone to give me a working config, I'm just trying to understand the theory. Is what I'm asking possible? Or does it just not work this way?
Many Thanks,
Tom Whittle
03-15-2014 09:14 PM
Hi Tom,
I think this is only possible by adding a specific route on the host level with a lower metric (if needed) pointing to the local GW. Don't think there is an automatic way to do this just using VPN client config.
03-17-2014 02:10 AM
Hi,
Many thanks for your response. That is a good idea, so actually putting a route into the routing table of the host machine, in my case Windows.
I will give this a go.
Thanks again for your help.
Regards,
Tom
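
The host-route idea discussed in this thread, modelled as an added example (not code from any poster or from Cisco): a standard IP route lookup picks the longest matching prefix first and uses the metric only to break ties between equal prefixes, so a 10.0.0.0/8 route via the local gateway takes that traffic off a full-tunnel default route. All addresses, interface names and metrics below are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int


def route(cidr: str, gateway: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(cidr), gateway, interface, metric)


def select_route(table: list, destination: str) -> Optional[Route]:
    """Longest prefix wins; metric only breaks ties between equal prefixes."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def egress(table: list, destination: str) -> str:
    chosen = select_route(table, destination)
    return chosen.interface if chosen else "unreachable"


# Constructed host table with a full tunnel up (hypothetical values):
# the VPN adapter's default route beats the LAN default on metric.
FULL_TUNNEL = [
    route("0.0.0.0/0", "172.16.50.1", "vpn", 1),
    route("0.0.0.0/0", "192.168.1.1", "lan", 25),
    route("192.168.1.0/24", "on-link", "lan", 25),
]

# The manual host route from the thread: 10.0.0.0/8 via the local gateway.
# Its metric is deliberately worse than the VPN default to show that the
# more specific prefix is chosen regardless of metric.
LOCAL_EXCEPTION = route("10.0.0.0/8", "192.168.1.1", "lan", 50)

if __name__ == "__main__":
    patched = FULL_TUNNEL + [LOCAL_EXCEPTION]
    for dst in ("10.20.30.40", "203.0.113.10", "192.168.1.10"):
        print(f"{dst:15} before={egress(FULL_TUNNEL, dst):4} "
              f"after={egress(patched, dst)}")
```

This models only the operating system's route lookup; whether a given VPN client leaves a manually added route in place is outside what it shows.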