Split traffic between VPN and Internet using different ISP's

kvmann2 · ‎08-26-2011

What we are trying to accomplish here use two ISP's (one cable and one T1), use the Cable line for site-to-site VPN and use T1 line for all internet traffic. We currently use the following configuration: Cisco 2820 routers terminating the T1 -> HP switch -> Cisco AS 5510 port 0 -> port 1 to LAN switch (Nortel 5510)

We want to force all VPN traffic (using 10.0.0.0/24 subnets - 10.0.1.0, 10.0.2.0, etc) through a cable connection, perhaps on port 2 of the ASA, then all non VPN traffic goes to the T1.

Is it possible to do this without too much difficulty?

raga.fusionet · ‎08-26-2011

Hi There,

You can do this, you just need to make a few adjustments:

Apply the crypto map to the cable interface and enable isakmp on that interface.

Add routes to the remote site's private subnets via the cable's interface next hop e.g

route outside 10.0.1.0 255.255.255.0 a.b.c.d

Add routes the remote site's public IP addresses via the cable's interface next hop

route outside w.x.y.z 255.255.255.255 a.b.c.d

If you are running 8.3 or 8.4 modify the NAT exemption rules for the VPN Tunnels from static (inside,outside) xxxx to something like static (inside,cable) xxxx

Point your remote site's peer address to the new IP Address

I hope this helps. Let us know if you have any other questions.

Raga