https://community.cisco.com/t5/network-security/split-traffic-between-vpn-and-internet-using-different-isp-s/m-p/1757895#M532396 <HTML><HEAD></HEAD><BODY><P>Hi There, </P><P></P><P>You can do this, you just need to make a few adjustments:</P><P></P><UL><LI>Apply the crypto map to the cable interface and enable isakmp on that interface. </LI></UL><P></P><UL><LI>Add routes to the remote site's private subnets via the cable's interface next hop e.g</LI></UL><P></P><P>route outside 10.0.1.0 255.255.255.0 a.b.c.d </P><P></P><UL><LI>Add routes the remote site's public IP addresses via the cable's interface next hop</LI></UL><P></P><P>route outside w.x.y.z 255.255.255.255 a.b.c.d</P><P></P><UL><LI>If&nbsp; you are running 8.3 or 8.4 modify the NAT exemption rules for the VPN Tunnels from static (inside,outside) xxxx to something like static (inside,cable) xxxx </LI></UL><P></P><UL><LI>Point your remote site's peer address to the new IP Address </LI></UL><P></P><P>I hope this helps. Let us know if you have any other questions. </P><P></P><P>Raga <SPAN __jive_emoticon_name="cool" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P></BODY></HTML> Fri, 26 Aug 2011 19:36:39 GMT raga.fusionet 2011-08-26T19:36:39Z https://community.cisco.com/t5/network-security/split-traffic-between-vpn-and-internet-using-different-isp-s/m-p/1757894#M532395 <P>What we are trying to accomplish here use two ISP's (one cable and one T1), use the Cable line for site-to-site VPN and use T1 line for all internet traffic. We currently use the following configuration: Cisco 2820 routers terminating the T1 -&gt; HP switch -&gt; Cisco AS 5510 port 0 -&gt; port 1 to LAN switch (Nortel 5510)</P><P></P><P>We want to force all VPN traffic (using 10.0.0.0/24 subnets - 10.0.1.0, 10.0.2.0, etc) through a cable connection, perhaps on port 2 of the ASA, then all non VPN traffic goes to the T1.</P><P></P><P>Is it possible to do this without too much difficulty?</P> Mon, 11 Mar 2019 21:17:38 GMT https://community.cisco.com/t5/network-security/split-traffic-between-vpn-and-internet-using-different-isp-s/m-p/1757894#M532395 kvmann2 2019-03-11T21:17:38Z https://community.cisco.com/t5/network-security/split-traffic-between-vpn-and-internet-using-different-isp-s/m-p/1757895#M532396 <HTML><HEAD></HEAD><BODY><P>Hi There, </P><P></P><P>You can do this, you just need to make a few adjustments:</P><P></P><UL><LI>Apply the crypto map to the cable interface and enable isakmp on that interface. </LI></UL><P></P><UL><LI>Add routes to the remote site's private subnets via the cable's interface next hop e.g</LI></UL><P></P><P>route outside 10.0.1.0 255.255.255.0 a.b.c.d </P><P></P><UL><LI>Add routes the remote site's public IP addresses via the cable's interface next hop</LI></UL><P></P><P>route outside w.x.y.z 255.255.255.255 a.b.c.d</P><P></P><UL><LI>If&nbsp; you are running 8.3 or 8.4 modify the NAT exemption rules for the VPN Tunnels from static (inside,outside) xxxx to something like static (inside,cable) xxxx </LI></UL><P></P><UL><LI>Point your remote site's peer address to the new IP Address </LI></UL><P></P><P>I hope this helps. Let us know if you have any other questions. </P><P></P><P>Raga <SPAN __jive_emoticon_name="cool" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P></BODY></HTML> Fri, 26 Aug 2011 19:36:39 GMT https://community.cisco.com/t5/network-security/split-traffic-between-vpn-and-internet-using-different-isp-s/m-p/1757895#M532396 raga.fusionet 2011-08-26T19:36:39Z