Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Internet traffic through ISP rather than IPSEC tunnel

Hi Folks,

Sorry if this question has already been posted, however I couldn't find it in the forums.

Basically my organisation has a central VPN concentrator with Cisco 1800 routers in a spoke topology, at each remote site. Currently all traffic comes through the IP Sec tunnel back to HQ.

Is it possible for us to define an additional subnet at each site (for public access to the Internet) and NAT this traffic out through the 1800 router through our ISP?s network onto the Internet?

Thank you for your help.

Kris

1 REPLY

Re: Internet traffic through ISP rather than IPSEC tunnel

You can do it by excluding the new subnet from participating or included in the vpn network list.

Currently, you should have access-list specifying the network/subnet address that will go through the IPSec tunnel. Just make sure the new subnet is not in that access-list, and allowed to go direct to internet via serial interface (or equivalent) facing to the ISP.

HTH

AK

108
Views
4
Helpful
1
Replies