Cisco 881 router and routing different LAN subnets to different destinations (Split tunneling?)

rgill · ‎02-21-2017

Hi all,

I hope this is possible on this series router. I would like to have specific traffic go out an established VPN connection to our HQ site and all other traffic go out the internet route. At the HQ we have a cisco asa which will accept from this ip range.

1. I would like to have specific traffic go out an established VPN connection to our HQ site

The specific devices are scanning guns for our warehouse which we cannot install vpn client software on.

2. All other traffic to go out the internet route.(not the VPN). (pc, server, etc)

I was looking at this article - but not sure if hte 881 series supports all of these commands? I do have a 2960x series L3 switch that I will be working with as well.

http://www.cisco.com/c/en/us/products/collateral/security/ios-easy-vpn/prod_white_paper0900aecd805f0bd6.html

Sam Smiley · ‎02-21-2017

The simple solution would be to create a VLAN for your scanners and simply create a route that sends all traffic for the VLAN through the VPN link on the router.

If this isn't an option you can create route maps that direct the traffic through the VLAN to the corporate office. Your config would be similar to this route-map configuration:

http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

Cheers,

Sam

rgill · ‎02-21-2017

Thanks Sam - I was thinking the option one is simple and hopefully it does work. Do you know if the cisco 811 series supports permanent vpn connection to asa firewall?

Sam Smiley · ‎02-21-2017

Sorry, I don't work with the ASA devices, just about all that I work with are the router devices where I use a DMVPN for office to office VPNs. I just do not know if the ASA devices support DMVPN, my suspicion would be that they do.

Here is an old DMVPN guide for IOS devices that will give you an idea as to how it works.

Cheers,

Sam