04-03-2012 09:18 AM - edited 03-04-2019 03:54 PM
Hi,
Have an ipsec tunnel working for a branch campus without problems for over a year. Clients come back direct to main campus, if destination is off campus, then go direct out to Internet without coming back the ipsec tunnel. Configuration is attached for the remote site and have just one Internet connection.
I'm trying to allow access to a new web server installed at the remote site from off campus and not having any luck. I found examples on dual Internet connections using PBR setups, but no luck trying to adapt this to my configuration. Can connect fine to the web server from local network, but when trying to connect to the web server from off campus get timeouts.
Can anyone point me in the correct direction for example using PBR or NAT Routemap to support the web server at the remote location? Clients coming in from Internet, path to server is through our main connection, but path is trying to go back out the cable modem. Need to change the path back through the ipsec tunnel for just this one IP address.
This seemed like a good link but I do not have two Internet connections and could not figure out how to adapt it.
<https://supportforums.cisco.com/docs/DOC-8313>
thanks!
jim
04-03-2012 09:37 AM
Please identify your remote L2L tunnel, remote vpn-users-segment and remote-web server need access for vpn-remote-users.
04-06-2012 11:47 AM
Hi,
Not pretty but I got this working.
Created GRE tunnel and a route-map with "set ip default next-hop" pointing to the new tunnel's remote address.
Web traffic now stays internal.
thanks!
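
The approach described in the last post, written out for the remote-site router as an added example; it is not the poster's actual configuration. All interface names, addresses, and the ACL and route-map names are assumptions (the addresses come from documentation and private ranges).

```cisco
! Constructed values, not taken from the thread:
!   10.20.0.10        web server on the remote-site LAN
!   203.0.113.2       main-campus router, public address
!   172.16.255.0/30   GRE tunnel link (.1 = main campus, .2 = remote site)

interface Tunnel1
 description GRE to main campus for web-server return traffic
 ip address 172.16.255.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
! GRE adds no encryption of its own. The GRE packets between the two
! tunnel endpoints must be matched by the existing IPsec policy if this
! traffic is meant to stay protected.
!
! Match only replies sourced from the web server's service ports.
ip access-list extended WEB-SERVER-RETURN
 permit tcp host 10.20.0.10 eq www any
 permit tcp host 10.20.0.10 eq 443 any
!
! "set ip default next-hop" takes effect only when the routing table has
! no explicit route to the destination (the default route does not count).
! Replies to Internet clients therefore go to the tunnel, while replies to
! campus subnets with explicit routes keep following normal routing.
route-map WEB-VIA-CAMPUS permit 10
 match ip address WEB-SERVER-RETURN
 set ip default next-hop 172.16.255.1
!
! Apply the policy where the server's traffic enters the router.
interface GigabitEthernet0/1
 description Remote-site LAN
 ip policy route-map WEB-VIA-CAMPUS
```

`show route-map WEB-VIA-CAMPUS` shows the policy-routing match counters, and `show ip policy` confirms which interface the route-map is applied to.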