Hello, for a backup to one of my sites' MPLS connection, I have an internet connection using a DMVPN spoke back to HQ. I would like to use this link for alternate corporate-wide internet access also. I know if this was a client-based VPN connection, I could create a split tunnel by applying an ACL to the crypto map for the private destination networks and that traffic would go over the tunnel; all else would go out over the internet connection. I am looking to do something similar for the DMVPN tunnel... Any suggestions? Thanks in advance.
I'm not 100% on DMVPN; however, I do know they are based on tunnels. A logical course of testing would be to write the ACL that defines the traffic that you want to traverse the DMVPN, then apply it to the tunnel interface in the outbound direction.
Thanks Andrew, yeah, I have a few ideas somewhere along those lines as well as some policy routing options. I was just wondering if there was a straightforward split tunnel parameter I might have overlooked. I'll be in the lab Monday doing some testing and will let you know how things work out.
DMVPN only encrypts the traffic that goes through the tunnel. If you want split tunneling, then you need to just have the routing protocols in the DMVPN hub or spokes advertise the networks that need to be encrypted. By doing this, routes will be installed through the tunnel interface and traffic that uses those routes will be encrypted.
Traffic not going through the route through the tunnel interface will not be encrypted, and hence you achieve split tunneling.
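The routing-based split described in the reply above can be checked offline before a change goes in. The following is an added example, not part of the original thread: it models only longest-prefix match (no policy routing or administrative distance), and the interface names, prefixes and the `PRIVATE_NETS` policy list are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a DMVPN spoke: (prefix, egress interface).
ROUTES = [
    ("10.0.0.0/8", "Tunnel0"),            # advertised by the hub over the tunnel
    ("172.16.0.0/16", "Tunnel0"),         # advertised by the hub over the tunnel
    ("0.0.0.0/0", "GigabitEthernet0/0"),  # static default toward the ISP
]

# Networks that policy says must always be encrypted (constructed).
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/16", "192.168.50.0/24"]


def lookup(dest, routes=ROUTES):
    """Longest-prefix match: return the egress interface for dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def is_encrypted(dest, routes=ROUTES, tunnel="Tunnel0"):
    """Traffic is encrypted only if its best route points at the tunnel."""
    return lookup(dest, routes) == tunnel


def leaking_networks(private=PRIVATE_NETS, routes=ROUTES, tunnel="Tunnel0"):
    """Private networks that may leave unencrypted.

    Conservative: a network is flagged unless its best covering route is the
    tunnel and no more-specific route inside it points elsewhere.
    """
    parsed = [(ipaddress.ip_network(p), i) for p, i in routes]
    leaks = []
    for p in map(ipaddress.ip_network, private):
        covering = [(n, i) for n, i in parsed if p.subnet_of(n)]
        inside = [i for n, i in parsed if n.subnet_of(p) and n != p]
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if not (best and best[1] == tunnel and all(i == tunnel for i in inside)):
            leaks.append(str(p))
    return leaks


if __name__ == "__main__":
    print("leaks in cleartext via default route:", leaking_networks())
```

Any network the hub does not advertise silently follows the default route, so it leaves unencrypted; here that is 192.168.50.0/24.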
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: