08-15-2015 05:47 PM
Hi all, hope someone can assist.
Would like to route non-local traffic (Internet Traffic) from a single local host (192.168.20.7) through the VPN tunnel setup between two networks.
(Router A - 192.168.10.X) > IPSEC VPN > (Router B - (Cisco 860) - 192.168.20.X)
Would appreciate any assistance with the config.
Regards
08-16-2015 01:35 AM
I take it you already have the VPN tunnel in place, and the Internet is at the Router A end,
and at the moment you match interesting traffic on your crypto map.
Router A
with a match address AtoB
ip access-list extended AtoB
permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
add the following
permit ip any host 192.168.20.7
RouterB
with a match address BtoA
ip access-list extended BtoA
permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
add the following
permit ip host 192.168.20.7 any
You will also have to make sure you have a route on B that allows this.
08-16-2015 04:48 PM
Yes, the VPN tunnel is up and working.
Yes, I'd like the outbound traffic (to port 8080) from Router B to flow through the tunnel to Router A (RV325) and NOT directly via the WAN interface on Router B (Cisco 800).
I have the following in the ACL on the Cisco 800:
permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
permit tcp host 192.168.20.7 eq 8080 any
This unfortunately does not work; the traffic is still going via the WAN interface.
08-16-2015 05:05 PM
If your VPN tunnel is using Tunnel interfaces, then use Policy Based Routing (PBR) to force the route from 192.168.20.7 to the Internet through the tunnel interface.
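Pulling the two suggestions together for the Router B side, here is an added Cisco IOS example (not config posted by anyone in the thread) that mirrors the crypto ACL entry, keeps the host's Internet traffic out of Router B's own NAT so it can still match the crypto map, and shows the PBR variant for a tunnel-interface VPN. Interface names (Vlan1, FastEthernet4, Tunnel0) and the ACL/route-map names other than BtoA are assumptions.

```ios
! Router B (Cisco 860). Added example, not config from the thread.
! Assumed names: Vlan1 = LAN, FastEthernet4 = WAN, Tunnel0 = VTI.
!
! 1) Crypto ACL: site-to-site traffic plus the single host's Internet traffic.
!    Router A's crypto ACL must carry the mirror image: permit ip any host 192.168.20.7
!    Router A must also NAT 192.168.20.7 out of its own WAN interface.
ip access-list extended BtoA
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip host 192.168.20.7 any
!
! 2) NAT exemption. IOS applies inside-to-outside NAT BEFORE the crypto map
!    is checked on the WAN interface, so a translated source never matches
!    "host 192.168.20.7" and leaves in the clear via the WAN. Deny it from NAT.
ip access-list extended NAT-INSIDE
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip host 192.168.20.7 any
 permit ip 192.168.20.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface FastEthernet4 overload
!
! 3) Alternative for a tunnel-interface (VTI) VPN: PBR on the LAN interface
!    pushes only 192.168.20.7's non-site traffic into Tunnel0; the deny line
!    lets site-to-site traffic follow the normal routing table.
ip access-list extended HOST7-TO-INET
 deny   ip host 192.168.20.7 192.168.10.0 0.0.0.255
 permit ip host 192.168.20.7 any
route-map PBR-HOST7 permit 10
 match ip address HOST7-TO-INET
 set interface Tunnel0
interface Vlan1
 ip policy route-map PBR-HOST7
!
! Verify: "show crypto ipsec sa" (encaps counters rise on the any-destination SA)
!         "show route-map PBR-HOST7" (policy routing match counter increments)
```

Apply either section 1+2 (crypto-map VPN) or section 3 (VTI), not both, and check with the verify commands that the host's Internet packets are counted on the tunnel rather than on the WAN NAT translations.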