05-14-2012 05:04 AM
Hello,
I have configured Site-to-Site IPSec VPN and it works.
Our clients have access to inside network and Internet ("hairpinning").
How can I configure access to Internet on remote networks clients if VPN tunnel fail?
Remote devices is ASA5505 and Cisco 861.
When VPN works i have access to Internet over central office gateway.
In case when VPN fail i need still have access to Internet over local (remote device) gateway.
It's possible?
Thanks.
05-14-2012 08:04 AM
you need to allow "split tunneling". Do a search on the Cisco web site for "Allow VPN Split Tunneling". The have examples on how to config.
Sent from Cisco Technical Support iPad App
05-14-2012 11:15 PM
I just try to understand how split tunneling can help me in this situation.
Split tunneling used for accessing to protected network resources and Internet resources simulationely - for REMOTE VPN users becourse all traffic go thru vpn to protected network and access to resources of local Internet provider is impossible.
In my case i'm use SITE-2-SITE VPN and protect all traffic, so users HAVE access to protected network and Internet but for access Internet used gateway of central office not local provider.
Question is: In case when central office have no Internet so VPN is fail and other SITE can't access protected networks and Internet, HOW i configure other SITE devices for, IN THAT CASE, automaticaly use local providers gateway and after VPN is OK use central office provider?
Some info for explain...
SITE A (Central office)
SITE B (OTHER SITE)
SITE A CRYPTOMAP source=ANY destination=OTHER_SITE_NETWORK
SITE B CRYPTOMAP source=OTHER_SITE_NETWORK destination=ANY
SITE A NAT (inside,outside) OTHER_SITE_NETWORK to OUTSIDE
SITE B NAT EXEMPT ALL TRAFFIC from NAT - in that case Internet requests of OTHER SITE go thru VPN to SITE A and to Internet to SITE A providers gateway
if
SITE B NAT EXEMPT only SITE_B_NETWORK to SITE_A_NETWORK - in that case Internet requests of OTHER SITE go directly to local (SITE B) providers gateway.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide