
Split traffic between VPN and Internet using different ISPs

kvmann2
Level 1

What we are trying to accomplish here is to use two ISPs (one cable and one T1): use the cable line for site-to-site VPN and the T1 line for all internet traffic. We currently use the following configuration: Cisco 2820 routers terminating the T1 -> HP switch -> Cisco ASA 5510 port 0 -> port 1 to LAN switch (Nortel 5510).

We want to force all VPN traffic (using 10.0.0.0/24 subnets - 10.0.1.0, 10.0.2.0, etc.) through a cable connection, perhaps on port 2 of the ASA, then all non-VPN traffic goes to the T1.

Is it possible to do this without too much difficulty?

1 Reply

raga.fusionet
Level 4

Hi There,

You can do this, you just need to make a few adjustments:

  • Apply the crypto map to the cable interface and enable isakmp on that interface.

  • Add routes to the remote site's private subnets via the cable interface's next hop, e.g.

route outside 10.0.1.0 255.255.255.0 a.b.c.d

  • Add routes to the remote site's public IP addresses via the cable interface's next hop

route outside w.x.y.z 255.255.255.255 a.b.c.d

  • If you are running 8.3 or 8.4, modify the NAT exemption rules for the VPN tunnels from static (inside,outside) xxxx to something like static (inside,cable) xxxx

  • Point your remote site's peer address to the new IP address

I hope this helps. Let us know if you have any other questions.

Raga
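
A route audit for the split described in this reply, as an added example that is not part of the original post: it parses ASA-style `route` lines and uses longest-prefix match to confirm that the remote subnets and the peer's public IP leave via the cable interface, while everything else follows the default route. The interface names `t1` and `cable` and every address in the sample are constructed assumptions.

```python
import ipaddress

# Constructed sample: ASA-style static routes. Interface names ("t1", "cable")
# and all addresses (RFC 5737 documentation ranges) are assumptions.
SAMPLE_CONFIG = """\
route t1 0.0.0.0 0.0.0.0 192.0.2.1 1
route cable 10.0.1.0 255.255.255.0 198.51.100.1 1
route cable 10.0.2.0 255.255.255.0 198.51.100.1 1
route cable 203.0.113.10 255.255.255.255 198.51.100.1 1
"""

def parse_routes(config):
    """Return [(network, interface, next_hop)] from 'route' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "route":
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
            routes.append((net, parts[1], parts[4]))
    return routes

def egress(routes, dest):
    """Longest-prefix match: interface a packet to dest leaves by, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def audit(routes, vpn_iface, remote_subnets, peers):
    """List VPN destinations that would not leave via vpn_iface."""
    problems = []
    for subnet in remote_subnets:
        net = ipaddress.ip_network(subnet)
        # Probe first and last address so a partially covering route is caught.
        for probe in (net[0], net[-1]):
            via = egress(routes, probe)
            if via != vpn_iface:
                problems.append(f"{subnet}: {probe} exits via {via}")
                break
    for peer in peers:
        via = egress(routes, peer)
        if via != vpn_iface:
            problems.append(f"peer {peer} exits via {via}")
    return problems
```

An empty list from `audit` means every tunnel destination and peer is pinned to the cable link; a missing /32 for the peer shows up as the peer exiting via the default-route interface, away from the interface carrying the crypto map.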
