04-15-2005 07:27 AM - edited 03-03-2019 09:18 AM
I have two networks (N1 and N2). Each network is geographically separated. Each network has a frame T1 connection to the Internet. All traffic from N1 must go through N2 (N1 and N2 are on the same domain). N1 uses resources on N2 and accesses the Internet through a proxy on N2. N2 has resources that need to be accessible from the Internet.
Question: I plan on setting up a site-to-site VPN for the interdomain traffic on two Cisco 2611 routers. The question is, can I use one frame connection to direct LAN to LAN traffic through a tunnel and have normal N2 traffic go to the Internet?
Thanks
Bobby
04-15-2005 11:57 AM
Yes, you can configure the router to use one outbound connection to send both IPSec protected VPN site-to-site traffic and Internet traffic.
You would do an ordinary configuration of IPSec between the two routers in N1 and N2. Part of configuring IPSec is configuring an access list that identifies traffic to be protected by IPSec. So your access list needs to permit traffic between N1 and N2. Then N1 - N2 traffic will go through IPSec and other traffic will not.
I have implemented something similar to this at a customer site. In this implementation we ran IPSec with GRE tunnels. From N1 a default route sends all Internet traffic through the tunnel to N2. From N2 a route sends all traffic for N1 through the tunnel and a default route sends all Internet traffic through the outbound interface not encrypted. It works pretty well.
HTH
Rick
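An added illustration of the crypto access list approach described in the reply above (not configuration posted by anyone in the thread): a sketch of the N2 router in classic IOS crypto map syntax. Every address, name, interface and the key are constructed placeholders, and the AES transform assumes an IOS image with crypto support for it.

```cisco
! N2 router. All values below are constructed placeholders, not from the thread.
!   N1 LAN 10.1.0.0/24   N1 WAN 192.0.2.1
!   N2 LAN 10.2.0.0/24   N2 WAN 198.51.100.1
!
! Phase 1 (ISAKMP) policy and pre-shared key for the N1 peer
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER_KEY address 192.0.2.1
!
! Phase 2 transform set (ESP encryption plus integrity)
crypto ipsec transform-set N1N2-TS esp-aes esp-sha-hmac
!
! Crypto ACL: only N2 -> N1 traffic is selected for IPSec.
! Anything that does not match leaves the same interface unencrypted.
access-list 110 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
!
crypto map N1N2-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set N1N2-TS
 match address 110
!
! The single frame relay connection carries both kinds of traffic.
interface Serial0/0.1 point-to-point
 ip address 198.51.100.1 255.255.255.252
 crypto map N1N2-MAP
!
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
!
! The N1 router mirrors this: peer 198.51.100.1 and
!   access-list 110 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
! N1 clients reach the proxy on N2, so their web traffic matches
! the mirrored ACL and is carried inside the tunnel.
```

The two crypto ACLs must be exact mirrors of each other or the IPSec security associations will not establish. `show crypto isakmp sa` and the encaps/decaps counters in `show crypto ipsec sa` confirm that N1-N2 traffic is actually being protected.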
04-15-2005 06:28 PM
Thanks Rick for the info! Makes me feel better about working on this knowing it *is* possible.
Much appreciated,
Bobby