Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
638
Views
0
Helpful
2
Replies

How to get access to Internet when VPN fail?

master_serg
Level 1
Level 1

‎05-14-2012 05:04 AM

Hello,

I have configured Site-to-Site IPSec VPN and it works.

Our clients have access to inside network and Internet ("hairpinning").

How can I configure access to Internet on remote networks clients if VPN tunnel fail?

Remote devices is ASA5505 and Cisco 861.

When VPN works i have access to Internet over central office gateway.

In case when VPN fail i need still have access to Internet over local (remote device) gateway.

It's possible?

Thanks.

Labels:
0 Helpful
2 Replies 2

Gary Shives
Level 1
Level 1

‎05-14-2012 08:04 AM

you need to allow "split tunneling". Do a search on the Cisco web site for "Allow VPN Split Tunneling". The have examples on how to config.

Sent from Cisco Technical Support iPad App

0 Helpful

master_serg
Level 1
Level 1
In response to Gary Shives

‎05-14-2012 11:15 PM

I just try to understand how split tunneling can help me in this situation.

Split tunneling used for accessing to protected network resources and Internet resources simulationely - for REMOTE VPN users becourse all traffic go thru vpn to protected network and access to resources of local Internet provider is impossible.

In my case i'm  use SITE-2-SITE VPN and protect all traffic, so users HAVE access to protected network and Internet but for access Internet used gateway of central office not local provider.

Question is: In case when central office have no Internet so VPN is fail and other SITE can't access protected networks and Internet, HOW i configure other SITE devices for, IN THAT CASE, automaticaly use local providers gateway and after VPN is OK use central office provider?

Some info for explain...

SITE A (Central office)

SITE B (OTHER SITE)

SITE A CRYPTOMAP source=ANY destination=OTHER_SITE_NETWORK

SITE B CRYPTOMAP source=OTHER_SITE_NETWORK destination=ANY

SITE A NAT (inside,outside) OTHER_SITE_NETWORK to OUTSIDE

SITE B NAT EXEMPT ALL TRAFFIC from NAT   - in that case Internet requests of OTHER SITE go thru VPN to SITE A  and to Internet to SITE A providers gateway

if

SITE B NAT EXEMPT only SITE_B_NETWORK to SITE_A_NETWORK - in that case Internet requests of OTHER SITE go directly to local (SITE B) providers gateway.

0 Helpful
Customers Also Viewed These Support Documents