I have a VPN set up between a 1710 (branch) and an 1841 (core), and wanted to test it without using split tunnelling. I was told that to enable this, I just need to specify all of the VPN traffic in my VPN ACL. I did this (permit ip any any), and the VPN traffic still works, but now web traffic doesn't. Then I changed the ACL at the core site to the same and still nothing. I also made sure the subnet was in the NAT ACL at the core site. Anyone have any ideas?
After my initial setup, web and VPN traffic were both working. I started toying around with disabling split tunnelling, and that is when the web traffic stopped working. I need the web traffic to work though, but I want the traffic to go out the internet pipe at my core site.
Yes, that is what I'm trying to do, and I think it's working partially, since the web traffic not working tells me something has changed. Here is what my 2 VPN ACLs look like:
access-list 100 permit ip any any
I also added this line to my NAT ACL at the core site:
access-list 120 permit ip 192.168.20.0 0.0.0.255 any
I think I know my problem now: when the web traffic is trying to get back to my branch site, it is NATting. I need to change my NAT ACL to deny all NAT traffic to my branch (I only had the corp subnet set up). I'll try that and post results later. Thanks for the replies.
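An added example, not part of the thread: a small offline checker that evaluates a NAT ACL such as ACL 120 first-match with wildcard masks, showing that a deny for the branch subnet only exempts traffic from NAT when it sits above the permits. The corp subnet 10.1.1.0/24, the deny entry and the sample host addresses are assumptions constructed for illustration.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST'; SRC/DST is 'any' or 'addr wildcard'."""
    tok = line.split()
    action, rest, specs = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            specs.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        else:
            specs.append((_u32(rest[0]), _u32(rest[1])))
            rest = rest[2:]
    return action, specs[0], specs[1]

def _hit(spec, ip):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # a wildcard bit of 1 means "don't care"
    return (_u32(ip) & care) == (base & care)

def nat_selected(acl_lines, src, dst):
    """True if the first matching entry is a permit (the flow is translated)."""
    for action, s, d in map(parse_ace, acl_lines):
        if _hit(s, src) and _hit(d, dst):
            return action == "permit"
    return False                        # implicit deny at the end of every ACL

# Constructed sample: 10.1.1.0/24 stands in for the corp subnet (not on the page).
PERMITS = [
    "access-list 120 permit ip 10.1.1.0 0.0.0.255 any",
    "access-list 120 permit ip 192.168.20.0 0.0.0.255 any",   # line from the thread
]
DENY = "access-list 120 deny ip any 192.168.20.0 0.0.0.255"   # assumed exemption entry
DENY_APPENDED = PERMITS + [DENY]   # deny typed into an existing numbered ACL lands last
DENY_FIRST = [DENY] + PERMITS      # ACL removed and re-entered with the deny on top

if __name__ == "__main__":
    flows = [("10.1.1.10", "192.168.20.5"), ("192.168.20.5", "198.51.100.7")]
    for name, acl in (("deny appended", DENY_APPENDED), ("deny first", DENY_FIRST)):
        for src, dst in flows:
            print(f"{name:14} {src:>13} -> {dst:<13} NAT={nat_selected(acl, src, dst)}")
```

With the deny appended, the corp-to-branch flow is still selected for translation because the earlier permit matches first; only the reordered ACL exempts it, while branch-to-internet traffic is translated in both cases.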