Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
3
Replies

Cisco IOS EasyVPN Full Tunnel (Internet) Configuration

heshamcentrino
Level 1
Level 1

‎03-19-2020 10:20 PM

Dear All,

 

I have 2951 Router that has EasyVPN configured on it and I would to tunnel the internet traffic as well but not doing Split-Tunnel. This is what I wish to achieve

My router is residing in the UK with Vodafone ISP at home.

When I am overseas for example in Malaysia, I would like to connect with the Cisco VPN Client but I am using the UK ISP to connect to the internet.

 

Everything is working but I am not getting any internet at all. Could you please have a look at my configuration and tell me what's missing?

 

I appreciate all your great efforts.

 

Labels:
Preview file
8 KB
0 Helpful
3 Replies 3

rogerro
Cisco Employee
Cisco Employee

‎03-21-2020 11:17 AM

Hi, 

Do you have the config of the vpn server?

Take a look a the following link:

https://www.cisco.com/c/dam/en/us/products/collateral/security/ios-easy-vpn/prod_white_paper0900aecd80313bd6.pdf

 

 

Regards, 

 

0 Helpful

heshamcentrino
Level 1
Level 1
In response to rogerro

‎03-21-2020 04:23 PM

@rogerro wrote:

Hi, 

Do you have the config of the vpn server?

Take a look a the following link:

https://www.cisco.com/c/dam/en/us/products/collateral/security/ios-easy-vpn/prod_white_paper0900aecd80313bd6.pdf

 

 

Regards, 

 

Hello Sir,

 

Thanks for your response. I have already configured VPN Server and its working and connecting. I just needed what I am missing in my config to tunnel the internet traffic not to do split-tunnel. All the config examples just do the split tunneling.

I want to tunnel the internet config and I want to hop off the UK internet. I have already attached my config and want to know what should I add or remove to make that works

 

Many Thanks,

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to heshamcentrino

‎03-27-2020 06:37 AM

Hi,

 

   1. Perform the following changes, and it should work, mostly there was a problem with your split ACL, everything else is just cleaning up:

 

interface GigabitEthernet0/0

 no ip nat enable

!

crypto isakmp profile ciscocp-ike-profile-1

 client configuration group whatevergroup

crypto ipsec profile CiscoCP_Profile1

 set reverse-route tag 10

!

ip access-list TUNNEL_ALL

 permit ip any any

!

crypto isakmp client configuration group whatevergroup

 no acl DSL_ACCESSLIST

 acl TUNNEL_ALL

 

     2. I suppose that the policy-routing is in place not because you need it, but because you were trying to make it work? If so, you could remove it:

 

interface ATM0/3/0

 no ip policy route-map VPN-Client

interface Dialer0

  no ip policy route-map VPN-Client

no route-map VPN-Client 

no ip access-list extended VPN-OUT

 

    3. I see that this router is also configured, partially, as an EzVPN client, which is not? If so, you could remove this configuration as well.

 

no crypto ipsec client ezvpn ezvpnclient

 

Regards,

Cristian Matei.

 

0 Helpful
Customers Also Viewed These Support Documents