How to route internet traffic from one host through VPN tunnel

imrshaik
Level 4

Hi all, hope someone can assist.

 

Would like to route non-local traffic (Internet Traffic) from a single local host (192.168.20.7) through the VPN tunnel setup between two networks.

 

(Router A - 192.168.10.X) > IPSEC VPN > (Router B - (Cisco 860) - 192.168.20.X)

 

Would appreciate any assistance with the config.

 

regards

 

 

3 Replies

I take it you already have the VPN tunnel in place, and the Internet is at the Router A end.

and at the moment you match interesting traffic on your Crypto Map

Router A

with a match address AtoB

ip access-list extended AtoB

permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

add the following

permit ip any host 192.168.20.7

 

Router B

with a match address BtoA

ip access-list extended BtoA

permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

add the following

permit ip host 192.168.20.7 any

Also, you will have to make sure you have a route on B that allows this.

 

Yes, the VPN tunnel is up and working.

Yes, I'd like the outbound traffic (to port 8080) from Router B to flow through the tunnel to Router A - (RV325) and NOT directly via the WAN interface on Router B (Cisco 800).

I have the following in the ACL on the Cisco 800

 

permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

permit tcp host 192.168.20.7 eq 8080 any

and this unfortunately does not work - the traffic is still going via the WAN interface.

 

 

 

 

 

If your VPN tunnel is using Tunnel interfaces, then use Policy Based Routing (PBR) to force the route from 192.168.20.7 to the Internet through the tunnel interface.
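
The crypto ACL entries posted in the replies above, run through a small matcher for the IOS extended-ACL forms they use (an added example, not code from any poster or from Cisco). It shows which entries select a web request from 192.168.20.7 to port 8080 for the tunnel, given that in `permit tcp SRC eq PORT DST` the port follows the source address and is therefore the source port. The function names are hypothetical, and 203.0.113.10 and source port 51000 are constructed sample values.

```python
import ipaddress

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    n = 1 if tok[0] == "any" else 2
    spec, tok[:n] = tok[:n], []
    if spec[0] in ("any", "host"):
        spec = ["0.0.0.0", "255.255.255.255"] if spec[0] == "any" else [spec[1], "0.0.0.0"]
    return tuple(int(ipaddress.IPv4Address(t)) for t in spec)

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    port, tok[:2] = int(tok[1]), []
    return port

def parse_ace(line):
    """Parse 'permit PROTO SRC [eq P] DST [eq P]', the only forms used in the thread."""
    tok = line.split()[1:]            # drop the leading 'permit'
    ace = {"proto": tok.pop(0)}
    ace["src"], ace["sport"] = _addr(tok), _port(tok)   # a port after SRC is the source port
    ace["dst"], ace["dport"] = _addr(tok), _port(tok)
    return ace

def _ip_ok(spec, ip):
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def first_match(acl, proto, src, sport, dst, dport):
    """Return the first entry selecting the flow for the tunnel, or None (not selected)."""
    for line in acl:
        a = parse_ace(line)
        if (a["proto"] in ("ip", proto) and _ip_ok(a["src"], src) and _ip_ok(a["dst"], dst)
                and a["sport"] in (None, sport) and a["dport"] in (None, dport)):
            return line
    return None

def is_mirror(line_a, line_b):
    """True when one peer's entry is the other's with source and destination swapped."""
    a, b = parse_ace(line_a), parse_ace(line_b)
    return [a[k] for k in ("proto", "src", "sport", "dst", "dport")] == \
           [b[k] for k in ("proto", "dst", "dport", "src", "sport")]

# Entries as posted in the thread; 203.0.113.10 and source port 51000 are constructed.
POSTED_B = ["permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255",
            "permit tcp host 192.168.20.7 eq 8080 any"]
SUGGESTED_B = POSTED_B[:1] + ["permit ip host 192.168.20.7 any"]
WEB_FLOW = ("tcp", "192.168.20.7", 51000, "203.0.113.10", 8080)
print("posted:", first_match(POSTED_B, *WEB_FLOW), "| suggested:", first_match(SUGGESTED_B, *WEB_FLOW))
```
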