VPN routing issue

TroyITTech · ‎07-05-2011

I've been moving offices at several locations on to a MPLS network. I have an issue with the spoke sites. I have purchased several Cisco RV042 small business VPN routers to create a VPN for the spoke sites to connect to the MPLS. The VPN's phase one and phase two are up and will pass traffic but I would like to route all of the spoke sites internet traffic thru the VPN so the spoke sites can utilize the firewall cluster. Is it possible? If so, What do I need to do?

vmilanov · ‎07-05-2011

Hi,

I've not done this with a RV042 actually, but I think it deserves a try: So, try this way:

1) setup a spokes in "Router" mode instead of "Gateway" one (Setup->Advanced Routing). This turns NAT off.

3.a) Setup a site-to-site VPN, where in Local Group, put the local LAN subnet/mask, and,

3.b) setup in the Remote Group subnet 0.0.0.0 and mask 0.0.0.0

4) do the rest of the VPN setup, as it is in the Administration Guide

5) Setup a reversed VPN policy on the HUB site (i.e. 0.0.0.0/0 would be local group, spoke's LAN would be the remote one).

Hope this wil work for you.

Regards,

Vasil

TroyITTech · ‎07-13-2011

Actually this did not work even thought it was a good idea. I was thinking the same thing, but it kills the internet access at the spoke site and internet traffic will not flow thru the tunnel. Is this an access list issue? Even though I'm allowing all traffic. Or do I need to specify IPSEC traffic in the access list?