04-02-2014 10:42 PM - edited 02-21-2020 07:35 PM
Dear all,
I would appreciate please help me out to resolve following issue.
I have been using DMVPN setup (Routing protocol EIGRP) for 20 site no issue at all and everything is perfectly working.
Now I received one request that I would need to split corporate legitimate traffic and internet traffic at spoke end, so all internet traffic has to forward via local ADSL connection , but I tried to resolve it but spoke router is continuously forwarding all traffic to tunnel.
Moreover I found on internet that DMVPN has limitation that split tunneling is not possible.
Please can you suggest me how can I forward internet traffic (HTTP) via local ADSL connection
thanks and regards,
Solved! Go to Solution.
04-02-2014 11:22 PM
DMVPN is not based on policy, so split tunneling concepts do not apply.
DMVPN relies on routing to figure out what traffic needs to be tunneled.
In your cause you need to also differentiate between corporate and Internet HTTP traffic, best put correct routing in place.
04-03-2014 12:11 AM
I agree with Marcin.
At the spoke you would need to add a static default route for the internet traffic. You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric. Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup incase the ADSL goes down. But if they are both located off the same interface then there is no point in keeping the injected default route.
--
Please remember to rate and select a correct answer
04-02-2014 11:22 PM
DMVPN is not based on policy, so split tunneling concepts do not apply.
DMVPN relies on routing to figure out what traffic needs to be tunneled.
In your cause you need to also differentiate between corporate and Internet HTTP traffic, best put correct routing in place.
04-03-2014 12:11 AM
I agree with Marcin.
At the spoke you would need to add a static default route for the internet traffic. You are also, most likely, injecting a default route into the EIGRP process at the hub, but the static route at the spokes will override this as it has a lower metric. Depending on your setup, if the ADSL line is on a different interface than that of the DMVPN you could leave the EIGRP default route and use it as a backup incase the ADSL goes down. But if they are both located off the same interface then there is no point in keeping the injected default route.
--
Please remember to rate and select a correct answer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide