Policy Based Routing or NAT Routemaps outside-to-inside support

jmglass · ‎04-03-2012

Hi,

Have an ipsec tunnel working for a branch campus without problems for over a year. Clients come back direct to main campus, if destination is off campus, then go direct out to Internet without coming back the ipsec tunnel. Configuration is attached for the remote site and have just one Internet connection.

I'm trying allow access to a new web server installed at the remote site from off campus and not having any luck. I found examples on dual Internet connections using PBR setups, but no luck trying to adapt this to my configuration. Can connect fine to the web server from local network, but when trying to connect to the web server from off campus get timeouts.

Can anyone point me in the correct direction for example using PBR or NAT Routemap to support the web server at the remote location? Clients coming in from Internet, path to server is through our main connection, but path is trying to go back out the cable modem. Need to change the path back through the ipsec tunnel for just this one IP address.

This seemed like a good link but I do not have two Internet connections and could not figure out how to adapt it.

<https://supportforums.cisco.com/docs/DOC-8313>

thanks!

jim

rizwanr74 · ‎04-03-2012

Please identify your remote L2L tunnel, remote vpn-users-segment and remote-web server need access for vpn-remote-users.

jmglass · ‎04-06-2012

Hi,

Not pretty but I got this working.

Created GRE tunnel and a route-map with "set ip default next-hop" pointing to the new tunnels remote address.

Web traffic now stays internal.

thanks!