Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
4
Helpful
1
Replies

Internet traffic through ISP rather than IPSEC tunnel

d-g-c
Level 1
Level 1

‎12-06-2006 09:26 AM - edited ‎02-21-2020 01:20 AM

Hi Folks,

Sorry if this question has already been posted, however I couldn't find it in the forums.

Basically my organisation has a central VPN concentrator with Cisco 1800 routers in a spoke topology, at each remote site. Currently all traffic comes through the IP Sec tunnel back to HQ.

Is it possible for us to define an additional subnet at each site (for public access to the Internet) and NAT this traffic out through the 1800 router through our ISP?s network onto the Internet?

Thank you for your help.

Kris

0 Helpful
1 Reply 1

a.kiprawih
Level 7
Level 7

‎12-06-2006 06:33 PM

You can do it by excluding the new subnet from participating or included in the vpn network list.

Currently, you should have access-list specifying the network/subnet address that will go through the IPSec tunnel. Just make sure the new subnet is not in that access-list, and allowed to go direct to internet via serial interface (or equivalent) facing to the ISP.

HTH

AK

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card