
RV220W: How to route all traffic through IPsec tunnel including internet

Hi there,

I have set up an IPsec connection between 2 sites.

Site A (RV220W) <---> Site B (Some other makes)

The connection between both sites established just fine; I can ping the hosts of Site B from Site A, and that's how I know the tunnel is created.

My question is quite simple:

How can I force all traffic from Site A (including internet traffic) to Site B? All internet surfing or whatsoever would then no longer flow through Site A's internet gateway, but instead flow through Site B's internet gateway.

Cheers!

Nemo

11 REPLIES
Cisco Employee

Hi,

The site-to-site tunnel needs to be Exchange Mode: Main; Direction Type: Both. Try to use "Any" for the Remote IP.

Regards,

Kremena


Hi there,

I believe those are the current settings; hosts on both sides can see, ping and access each other respectively.

However, the internet traffic would not route to Site B; instead it just routes through the local Site A gateway.

So, for example, where Site A's ISP blocked facebook.com and youtube.com and Site B's ISP does not, even though both are connected, clients on Site A are still never able to access facebook.com and youtube.com.

Any suggestions?

Cheers!


Hi again,

Are you using the latest firmware on the RV220?

Apart from that, I think your problem has 2 parts. First, you can easily check if the RV220 is routing the i-net traffic through the VPN. Make a traffic capture from the Diagnostic menu while you ping google.com from a PC in the LAN. You can open the file with Wireshark.

So if the ping is routed through the VPN, you should see only ESP packets; if the traffic is routed through your ISP, you should see one of the public IPs of Google as a destination in ICMP requests/replies.

The second story is whether the remote router can route such traffic to the i-net and back through the VPN tunnel.

Best Regards,

Kremena
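
The capture check described in the reply above, as an added example that is not part of the original thread: it reads a capture file and counts ESP packets versus cleartext ICMP to public addresses. It assumes a classic pcap file with an Ethernet link type taken on the WAN side (a LAN-side capture shows cleartext ICMP either way); the function names and the sample frames are constructed for illustration, and it goes one step beyond the post by also recognising ESP wrapped in UDP port 4500 (NAT traversal).

```python
import ipaddress
import struct

def classify_frame(frame: bytes) -> str:
    """Label one Ethernet frame the way the capture check reads it."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only
        return "other"
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    if proto == 50:                                       # ESP: inside the tunnel
        return "esp"
    if proto == 17 and len(ip) >= ihl + 12:               # UDP, possibly NAT-T
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        # On UDP 4500 four zero bytes mark IKE; any other value is an ESP SPI.
        if 4500 in (sport, dport) and ip[ihl + 8:ihl + 12] != bytes(4):
            return "esp_natt"
    if proto == 1 and ipaddress.IPv4Address(ip[16:20]).is_global:
        return "icmp_public"                              # cleartext via the ISP
    return "other"

def classify_capture(data: bytes) -> dict:
    """Count frame labels in a classic little- or big-endian pcap file."""
    if data[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    end = "<" if data[0] == 0xD4 else ">"
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    counts = {"esp": 0, "esp_natt": 0, "icmp_public": 0, "other": 0}
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        counts[classify_frame(data[off + 16:off + 16 + incl])] += 1
        off += 16 + incl
    return counts

def make_frame(proto: int, dst: str, payload: bytes) -> bytes:
    """Constructed sample frame: zero MACs and checksums, documentation source IP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 10]), bytes(map(int, dst.split("."))))
    return bytes(12) + b"\x08\x00" + ip + payload

def make_pcap(frames) -> bytes:
    """Wrap constructed frames in a classic pcap with an Ethernet link type."""
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

ESP = b"\x00\x00\x10\x01" + bytes(16)                     # constructed SPI + filler
TUNNELLED = make_pcap([make_frame(50, "198.51.100.20", ESP)] * 3)
LEAKING = make_pcap([make_frame(1, "8.8.8.8", b"\x08\x00" + bytes(6))] * 2)
```

A non-zero `icmp_public` count while pinging an internet host means the ping left through the local ISP rather than the tunnel.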


Thanks, I know it's not, because clients on Site A are not appearing as Site B's public IP to the i-net.

Beginner

Hi,

If you want to route all the traffic through the VPN tunnel, then you need to disable split tunneling on the VPN router, which is the RV220 in your case. Split tunneling is commonly configured on the connecting client to receive pushed secure routes, or set statically. In this situation, only specific traffic matching a "secure" destination address is forwarded out the virtual tunnel interface. All other traffic is routed normally and unsecured through the configured default gateway.

Split tunneling is a setting for SSL VPN that controls how the client decides what traffic must be sent through the VPN tunnel and what traffic may be sent out on its local network. There are some scenarios where only selected traffic destined for the corporate intranet must be sent through the tunnel; other (for example, Web) traffic may be sent out on the local network. By default, split tunneling is enabled on the VPN connection so that only traffic which needs a secure connection is sent over the VPN tunnel, and all other traffic, like mail and messaging, will be routed through an unsecured channel. Once you disable the split tunneling feature, all the traffic will be routed to the VPN tunnel.

Regards,

Phanikrishna


Can you tell me step by step how to do this? I do not seem to find such an option in the RV220's interface menu. Cheers!

Contributor

The only way I ever figured out how to do this is for a client to dial into the second site's PPTP server.  Then all the traffic on that client will route over the VPN, over PPTP, and out that site's IP.  

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com


Yes, but how?

Can anyone give me a step-by-step instruction guide? Cheers!


Starting at page 122 in the manual, it describes how to add PPTP users into the router. Then, you use Microsoft's built-in VPN client on XP/Win7/etc. to 'dial' the VPN connection. Here's a link to a guide from Microsoft:

http://support.microsoft.com/kb/314076


Well, this is not exactly what we really want to configure; what I want is to force all traffic from Site A (including internet traffic) to Site B from the router.

Any clue?


What I described will do just that.  You'll have to read the instructions for the particulars as I don't know the firmware well enough to walk you through it.  But I'll try to answer any specific questions you have.

On the PC side, the setup is pretty simple.  Again, read the guide, and I'll answer any specific questions.
