Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

DMVPN and Split Tunneling

Hello, for a backup to one of my sites MPLS connection, I have an internet connection using a DMVPN spoke back to HQ. I would like to use this link for alternate corporate wide internet access also. I know if this was a client based VPN connection, I could create a split tunnel by applying an ACL to the crypto map for the private destination networks and that traffic would go over the tunnel, all else would go out over the internet connection. I am looking to do something similar for the DMVPN tunnel....any suggestions? Thanks in advance.

Everyone's tags (2)

Re: DMVPN and Split Tunneling

I'm not 100% on DMVPN, however I do know they are based on tunnels, a logical course of testing would be to write the ACL that defines the traffic that you want to traverse the DMVPN - then apply it to the tunnel interface in the oubound direction.


New Member

Re: DMVPN and Split Tunneling

Thanks Andrew, yeah I have a few ideas somewhere along those lines as well as some policy routing options. I was just wondering if there was a straight forward split tunnel parameter I might have overlooked. I'll be in the lab Monday doing some testing and will let you know how things work out.


Re: DMVPN and Split Tunneling

Just for funzies, I will be in the lab Monday testing something else - I think I will tac this onto my list also!

New Member

Re: DMVPN and Split Tunneling


DMVPN only encrypts the traffic that goes through the tunnel. If you want split tunneling, then you need to just have the routing protocols in the DMVPN hub or spokes to advertize the networks that needs to be encrypted. By doing this, routes will be installed through the tunnel interface and traffic that uses that route will be encrypted.

Traffic not going through the route through tunnel interface will be not be encrypted and hence you achieve split tunneling.

With regards


CreatePlease to create content