Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
3
Helpful
1
Replies

Router to Router not split tunneled sample config

ROBERT WATSON
Level 1
Level 1

‎12-03-2002 12:34 PM - edited ‎03-09-2019 01:16 AM

Ok just scoured CCO no router to router hub and spoke design where some sites are not split tunneled and others are. Any one doing this in their network? I need a samp config of a router that isnt split tunneled. ie do I need a route map to bypass nat do I need to configure nat at all? can I put an all 0's destination acl in my vpn config with standard vpn config on the other side? I don't know what guidelines I need to follow for a non split tunnel scenario.

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎12-04-2002 04:57 PM

Generally we discourage the use of the word "any" in a crypto ACL, but it should be all you need. At the remote site router (with network 10.1.1.0/24), you'll have a standard crypto ACL that looks like:

access-list 101 permit ip 10.1.1.0 0.0.0.255 any

Then on the hub router, again it'll be standard with the crypto ACL for this site looking like:

access-list 101 permit ip any 10.1.1.0 0.0.0.255

If you have NAT at the remote site, you can either turn it off altogether, since there's not much point having it, or do the standard nonat route-map pointing to an access-list that denies traffic from 10.1.1.0/24 to any (as I said though, not much point having it all though).

Customers Also Viewed These Support Documents