New Member

OK Site-2-Site VPN , but unable to access to internet

I built a Site-to-Site VPN between the headquarters and a remote site. The network traffic must be encrypted when it goes across the commercial leased line, which is considered an untrusted medium.

The Internet-bound network traffic generated by the hosts of the remote site is transparently proxied by the firewall located at the HQ. Unfortunately, the traffic from and to the Internet is not working for the remote site hosts. The intranet network traffic works.

Cisco strongly discourages the use of keyword "any" in the crypto access list, but how can I tell the routers to encrypt the ip traffic where the source address is unknown?

Can you help me on this?

(I use the following routers: 7206VXR with VAM2 and cisco 2891 with AIM)

4 REPLIES
New Member

Re: OK Site-2-Site VPN , but unable to access to internet

I may be wrong here, but shouldn't NAT take care of that for you - have you adjusted your NAT to translate addresses from both the HQ and the remote site?

Gold

Re: OK Site-2-Site VPN , but unable to access to internet

No extra configuration should be needed for remote site browsing via the HQ proxy. Provided the remote site can ping the proxy, and the proxy can browse the internet, there shouldn't be any drama.

Please post the entire config of both routers for further assistance.

New Member

Re: OK Site-2-Site VPN , but unable to access to internet

Hi,

Try to tunnel out the encrypted traffic by using the split tunnelling option.

Use an ACL to specify the traffic to be passed through the tunnel, then

use the command "split-tunnel acl name".

Please post if it helps.

regards

haris

New Member

Re: OK Site-2-Site VPN , but unable to access to internet

Thanks to a Cisco engineer, who gave me the solution because he had had a similar problem. He told me to build the VPN using the tunnel interface, and to issue the following commands on the tunnel interfaces at both sites:

interface Tunnel 0
 ip mtu 1300
 ip tcp adjust-mss 1400

This config works for my environment
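
How the two values in the post above relate, as an added example that is not part of the original thread: a small Python check that reads an IOS-style interface stanza and reports whether the clamped MSS plus 40 bytes of IPv4 and TCP headers (no options assumed) fits inside the interface "ip mtu". The function name audit_mss and the second, constructed stanza are illustrative assumptions.

```python
import re

IPV4_TCP_HEADERS = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

def audit_mss(config, headers=IPV4_TCP_HEADERS):
    """Return one finding per interface that sets both 'ip mtu' and
    'ip tcp adjust-mss' in an IOS-style configuration text."""
    findings = []
    iface, values = None, {}

    def flush():
        # Record the interface just parsed, if it carried both settings.
        if iface and {"mtu", "mss"} <= values.keys():
            findings.append({
                "interface": iface,
                "ip_mtu": values["mtu"],
                "adjust_mss": values["mss"],
                "max_fitting_mss": values["mtu"] - headers,
                "fits": values["mss"] + headers <= values["mtu"],
            })

    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S.*)$", line, re.I)
        if m:
            flush()
            iface, values = m.group(1).replace(" ", ""), {}
            continue
        m = re.match(r"ip mtu (\d+)$", line)
        if m:
            values["mtu"] = int(m.group(1))
        m = re.match(r"ip tcp adjust-mss (\d+)$", line)
        if m:
            values["mss"] = int(m.group(1))
    flush()
    return findings

# Values taken from the post above.
POSTED = "interface Tunnel 0\n ip mtu 1300\n ip tcp adjust-mss 1400\n"
# Constructed comparison: same IP MTU, MSS lowered so a full segment fits.
CONSTRUCTED = "interface Tunnel 0\n ip mtu 1300\n ip tcp adjust-mss 1260\n"

if __name__ == "__main__":
    for cfg in (POSTED, CONSTRUCTED):
        print(audit_mss(cfg))
```

For the posted values the check reports fits as False: a full-size segment becomes a 1440-byte IP packet, which is larger than the 1300-byte tunnel IP MTU, so the router fragments it or signals path MTU discovery before encapsulation. 1260 is the largest MSS that fits inside 1300.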
