DMVPN and Split Tunneling

venom43212
Level 4

Hello, for a backup to one of my site's MPLS connection, I have an internet connection using a DMVPN spoke back to HQ. I would like to use this link for alternate corporate-wide internet access also. I know if this was a client-based VPN connection, I could create a split tunnel by applying an ACL to the crypto map for the private destination networks and that traffic would go over the tunnel; all else would go out over the internet connection. I am looking to do something similar for the DMVPN tunnel... any suggestions? Thanks in advance.

4 Replies

andrew.prince
Level 10

I'm not 100% on DMVPN; however, I do know they are based on tunnels. A logical course of testing would be to write the ACL that defines the traffic that you want to traverse the DMVPN, then apply it to the tunnel interface in the outbound direction.

HTH

Thanks Andrew, yeah I have a few ideas somewhere along those lines as well as some policy routing options. I was just wondering if there was a straightforward split tunnel parameter I might have overlooked. I'll be in the lab Monday doing some testing and will let you know how things work out.

-Derek

Just for funzies, I will be in the lab Monday testing something else - I think I will tack this onto my list also!

Hi

DMVPN only encrypts the traffic that goes through the tunnel. If you want split tunneling, then you just need to have the routing protocols in the DMVPN hub or spokes advertise the networks that need to be encrypted. By doing this, routes will be installed through the tunnel interface and traffic that uses those routes will be encrypted.

Traffic that does not follow a route through the tunnel interface will not be encrypted, and hence you achieve split tunneling.

With regards

Kings
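
The routing-based approach from the last reply, sketched as an added example that is not part of the original thread: the hub advertises only corporate prefixes over the tunnel, and the spoke keeps a static default toward its ISP, so only traffic matching a tunnel-learned route is encrypted. EIGRP, the AS number, all addresses, interface names, the prefix-list name and the IPsec profile name are assumptions; the IPsec profile and the hub's Tunnel0 are taken to exist already.

```cisco
! Constructed example: addresses, interface names, EIGRP AS 100 and the
! prefix-list / IPsec profile names are assumptions, not values from the thread.
!
! --- Hub: advertise only corporate prefixes (never a default) to the spokes ---
ip prefix-list CORP-ONLY seq 10 permit 10.0.0.0/8 le 32
ip prefix-list CORP-ONLY seq 20 permit 172.16.0.0/12 le 32
ip prefix-list CORP-ONLY seq 30 permit 192.168.0.0/16 le 32
!
router eigrp 100
 network 10.255.0.0 0.0.0.255
 network 10.1.0.0 0.0.255.255
 distribute-list prefix CORP-ONLY out Tunnel0
!
! --- Spoke: corporate routes arrive over Tunnel0, default goes to the ISP ---
interface Tunnel0
 ip address 10.255.0.2 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map 10.255.0.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ip nhrp nhs 10.255.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 100
 network 10.255.0.0 0.0.0.255
 network 10.20.0.0 0.0.255.255
!
! Default route via the ISP next hop: internet traffic leaves unencrypted,
! and the hub's public address (203.0.113.1) stays reachable outside the tunnel.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Checks on the spoke:
!  show ip cef 10.1.1.10    (corporate host: should resolve via Tunnel0)
!  show ip cef 192.0.2.50   (internet host: should resolve via 198.51.100.1)
!  show crypto ipsec sa     (encaps counters should rise only for tunnel traffic)
```

If the hub ever advertises a default route into the tunnel, the split disappears and all spoke traffic follows it, which is why the filter on the hub permits only the private ranges.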