
RV220W: How to route all traffic through IPsec tunnel including internet

HidetoshiNemoto
Level 1

Hi there,

I have set up an IPsec connection between 2 sites.

Site A (RV220W) <---> Site B (Some other makes)

Both sites' connection established just fine; I can ping the hosts of Site B from Site A, and that's how I know the tunnel is created.

My question is quite simple:

How can I force all traffic from Site A (including internet traffic) to Site B? All internet surfing or whatsoever will then no longer flow through Site A's internet gateway, but instead flow through Site B's internet gateway.

Cheers!

Nemo

11 Replies

Kremena Ivanova
Cisco Employee

Hi,

The site-to-site tunnel needs to be Exchange Mode: Main; Direction Type: Both. Try to use "Any" for the Remote IP.

Regards,

Kremena

Hi there,

I believe those are the current settings, and hosts on both sides can see, ping and access each other respectively.

However, the internet traffic would not route to Site B; instead it just routes through the local Site A gateway.

So, e.g., where Site A's ISP blocked facebook.com and youtube.com and Site B's ISP does not, even though both are connected, all clients on Site A still cannot access facebook.com and youtube.com.

Any suggestions?

Cheers!

Hi again,

Are you using the latest firmware on the RV220?

Apart from that, I think your problem has 2 parts. First, you can easily check if the RV220 is routing the i-net traffic through the VPN. Make a traffic capture from the Diagnostic menu while you ping google.com from a PC in the LAN. You can open the file with Wireshark.

So if the ping is routed through the VPN you should see only ESP packets; if the traffic is routed through your ISP you should see one of the public IPs of google as a destination in ICMP requests/replies.

The second story is whether the remote router can route such traffic to the i-net and back through the VPN tunnel.

Best Regards,

Kremena
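
The capture check described in the reply above, as an added example that is not part of the original thread: it reads a capture file and counts ESP packets against cleartext packets exchanged with Internet hosts other than the VPN peer. It assumes a WAN-side capture saved in classic pcap format with Ethernet framing; the function names and all addresses are constructed for illustration, and ESP-in-UDP (NAT-T) or IKE traffic to the peer lands in "other".

```python
import ipaddress
import struct

ESP = 50  # IANA IP protocol number for IPsec ESP

def classify_wan_capture(pcap: bytes, peer: str) -> dict:
    """Count ESP packets vs cleartext packets exchanged with non-peer Internet hosts."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic (non-pcapng) capture file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    peer_ip = ipaddress.ip_address(peer)
    counts = {"esp": 0, "cleartext_internet": 0, "other": 0, "flows": set()}
    off = 24                                      # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            counts["other"] += 1
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if frame[23] == ESP:                      # IPv4 protocol field
            counts["esp"] += 1
        elif peer_ip not in (src, dst) and (src.is_global or dst.is_global):
            counts["cleartext_internet"] += 1     # bypassed the tunnel
            counts["flows"].add(f"{src} -> {dst}")
        else:
            counts["other"] += 1                  # IKE to the peer, LAN traffic, ...
    return counts

def build_sample(packets) -> bytes:
    """Constructed test capture: (proto, src, dst) tuples -> minimal Ethernet/IPv4 pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, src, dst in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        frame = b"\x02" * 12 + b"\x08\x00" + ip + b"\x00" * 8
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed addresses: 198.51.100.7 = Site A WAN, 203.0.113.9 = Site B peer.
TUNNELED = build_sample([(ESP, "198.51.100.7", "203.0.113.9")] * 3)
SPLIT = build_sample([(ESP, "198.51.100.7", "203.0.113.9"), (1, "198.51.100.7", "8.8.8.8")])
```

A non-empty `flows` set for the capture taken during the ping means the router sent that traffic out through the local ISP instead of the tunnel.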

Thanks, I know it's not, because clients on Site A are not appearing as Site B's public IP to the i-net.

psurampa
Level 1

Hi,

If you want to route all the traffic through the VPN tunnel then you need to disable the split tunneling on the VPN router which is RV220 in your case. Split tunneling is commonly configured on the connecting client to receive pushed secure routes or set statically. In this situation, only specific traffic matching a "secure" destination address is forwarded out the virtual tunnel interface. All other traffic is routed normally and un-secured through the configured default gateway.

Split tunneling is a setting for SSL VPN that controls how the client decides what traffic must be sent through the VPN tunnel and what traffic may be sent out on its local network. There are some scenarios where only selected traffic destined for the corporate intranet must be sent through the tunnel, other (for example, Web) traffic may be sent out on the local network. By default split tunneling is enabled on VPN connection so that only traffic which needs a secure connection is sent over the VPN tunnel and all other traffic like mails, messaging will be routed through an unsecured channel. Once you disable the split tunneling feature then all the traffic will be routed to the VPN tunnel.

Regards,

Phanikrishna

Can you tell me step by step how to do this? I do not seem to find such an option in RV220's interface menu, cheers!

SamirD
Level 5

The only way I ever figured out how to do this is for a client to dial into the second site's PPTP server.  Then all the traffic on that client will route over the VPN, over PPTP, and out that site's IP.  

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com


yes, but how?

Can anyone give me a step by step instruction guide? cheers!

Starting at page 122 in the manual, it describes how to add pptp users into the router.  Then, you use Microsoft's built-in vpn client on xp/win7/etc to 'dial' the vpn connection.  Here's a link to a guide from Microsoft:

http://support.microsoft.com/kb/314076

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com


HidetoshiNemoto
Level 1

Well, this is not exactly what we really want to configure; what I want is to force all traffic from Site A (including internet traffic) to Site B from the router.

Any clue?

What I described will do just that.  You'll have to read the instructions for the particulars as I don't know the firmware well enough to walk you through it.  But I'll try to answer any specific questions you have.

On the PC side, the setup is pretty simple.  Again, read the guide, and I'll answer any specific questions.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
