DMVPN spoke question

uros.mirkovic
Level 1

I have the following situation:

A spoke router connected to an ADSL modem, with a dialer interface configured (to obtain internet connectivity).

Tunnel interface which connects to the DMVPN Hub router using the dialer interface.

Now all the traffic from internal network is going through the Tunnel interface to the DMVPN hub. 

What I would like to achieve is to have only "internal" traffic, for example traffic destined for 10.100.0.0/16, go through the tunnel and the rest of the traffic go to the internet directly through the dialer interface.

I tried to set up NAT (inside on the LAN interface, and outside on the Dialer interface) and have applied an ACL to the tunnel interface allowing only 10.100.0.0/16 through it, but I could not get the desired result. Any suggestions?

10 Replies

Hello,

you need to set up split tunneling. Post the config of your router so we can fill in the bits and pieces...

Here is the running-config.

Hello,

basically all you need to do is create a static route for the traffic to the other side of the VPN, and send the rest over the Dialer interface. That said, what network(s) do you have on the other side of the VPN?

ip route vrf ADSL 195.66.189.240 255.255.255.252 Tunnel1
ip route 0.0.0.0 0.0.0.0 Dialer1

I have tried adding the static route. It does not work. I have 10.100.0.0/16 on the other side of the VPN tunnel.

The VRF might be the problem...

I'll lab this in GNS3 and get back with you...

Greag,

Thanks a lot. I am quite confident it has something to do with ACLs, but I cannot figure out what. I have tried all that seemed logical to me.

Hello,

is your VPN actually up and running? Your tunnel is configured as ospf point-to-multipoint, but I don't see any OSPF process configured on your router. I see EIGRP, but nothing on the tunnel is configured for EIGRP. Also, is the VRF needed? If your remote networks are 10.100.0.0/16, are we talking about overlapping network spaces?

It might be best to provide a schematic drawing of your topology including IP addressing...

Sanitise config before posting?

If you are not already aware, Type 7 passwords can be decrypted on-line very easily.
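The sanitising step suggested above, as an added example that is not part of the original thread: a small Python filter that blanks secret-bearing IOS lines and globally routable IPv4 addresses before a config is pasted into a forum. The sample config is constructed (only its first `ip route` line is taken from this thread), and the rule list is an assumption covering common commands, not every secret an IOS config can hold.

```python
import ipaddress
import re

# Keep the command keyword (and encoding type digit), drop the secret value.
SECRET_RULES = [
    re.compile(r"\b(password|secret)((?: \d)?) \S+"),
    re.compile(r"\b(crypto isakmp key)((?: \d)?) \S+"),
    re.compile(r"\b(ip nhrp authentication)() \S+"),
    re.compile(r"\b(snmp-server community)() \S+"),
    re.compile(r"\b(ppp chap hostname)() \S+"),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample; only the first "ip route" line appears in the thread.
SAMPLE = """\
enable secret 5 $1$salt$EXAMPLEHASHVALUE
crypto isakmp key ExampleKey123 address 0.0.0.0
interface Tunnel1
 ip nhrp authentication NHRPKEY
interface Dialer1
 ppp chap hostname user@isp.example
 ppp chap password 7 00112233445566
ip route vrf ADSL 195.66.189.240 255.255.255.252 Tunnel1
ip route 10.100.0.0 255.255.0.0 Tunnel1
"""


def _mask_ip(match):
    """Hide globally routable addresses; keep masks and private ranges."""
    try:
        addr = ipaddress.ip_address(match.group(0))
    except ValueError:
        return match.group(0)  # not a valid address, leave untouched
    return "<public-ip>" if addr.is_global else match.group(0)


def sanitise(config):
    """Return the config with secrets and public IPv4 addresses blanked."""
    out = []
    for line in config.splitlines():
        for rule in SECRET_RULES:
            line = rule.sub(r"\1\2 <removed>", line)
        out.append(IPV4.sub(_mask_ip, line))
    return "\n".join(out)


if __name__ == "__main__":
    print(sanitise(SAMPLE))
```

Read the output before posting it: the filter only knows the commands listed in `SECRET_RULES`, and any credential that has already been posted should be changed on the device.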

 

Thanks for the heads up. Completely forgot about it.

Hello,

for direct Internet access try:

ip route vrf ADSL 0.0.0.0 0.0.0.0 Dialer1

which probably won't work because your dialer is in the VRF as well...

Is there a possibility to remove the VRF altogether?
