Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DMVPN split tunnling issue, not able to by pass http traffic at spoke end.

Dear all,

I would appreciate please help me out to resolve following issue.
I have been using DMVPN setup (Routing protocol EIGRP) for 20 site no issue at all and everything is perfectly working.
Now I received one request that I would need to split corporate legitimate traffic and internet traffic at spoke end, so all internet traffic has to forward via local ADSL connection , but I tried to resolve it but  spoke router is  continuously forwarding all traffic to tunnel.
Moreover I found on internet that DMVPN has limitation that split tunneling is not possible.
Please can you suggest me how can I forward internet traffic (HTTP) via local ADSL connection
thanks and regards,

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

DMVPN is not based on policy,

DMVPN is not based on policy, so split tunneling concepts do not apply. 

DMVPN relies on routing to figure out what traffic needs to be tunneled. 

In your cause you need to also differentiate between corporate and Internet HTTP traffic, best put correct routing in place. 

VIP Green

I agree with Marcin.At the

I agree with Marcin.

At the spoke you would need to add a static default route for the internet traffic.  You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric.  Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup incase the ADSL goes down.  But if they are both located off the same interface then there is no point in keeping the injected default route.

--

Please remember to rate and select a correct answer

-- Please remember to rate and select a correct answer
2 REPLIES
Cisco Employee

DMVPN is not based on policy,

DMVPN is not based on policy, so split tunneling concepts do not apply. 

DMVPN relies on routing to figure out what traffic needs to be tunneled. 

In your cause you need to also differentiate between corporate and Internet HTTP traffic, best put correct routing in place. 

VIP Green

I agree with Marcin.At the

I agree with Marcin.

At the spoke you would need to add a static default route for the internet traffic.  You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric.  Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup incase the ADSL goes down.  But if they are both located off the same interface then there is no point in keeping the injected default route.

--

Please remember to rate and select a correct answer

-- Please remember to rate and select a correct answer
39
Views
0
Helpful
2
Replies