02-27-2017 12:54 PM - edited 02-21-2020 09:10 PM
I have site-to-site IPsec VPN tunnels configured between remote sites running 881 routers and our central office ASA5510. We currently proxy all web traffic through a proxy server at the central site. We need to use an application that uses RDP to connect to an internet site, which the proxy server won't handle. Is there a way to exclude one internet destination address from being tunneled at the remote end?
02-27-2017 04:26 PM
Hi bsternfield,
You can try adding a deny as the first line of the tunnel's interesting-traffic ACL for this specific traffic, on the router that is supposed to initiate this traffic:
ip access-list extended interestingtraffic
10 deny ip <inside network> <mask> host <rdpserver>
20 permit ip <inside network> <mask> any
This is only an example of what you can try to do in order to bypass the tunnel for this specific traffic.
Hope this info helps!!
Rate if it helps you!!
-JP-
02-28-2017 02:31 PM
03-06-2017 04:46 PM
Hi bsternfield,
From the VPN perspective that should work. Can you make sure the NAT you created to bypass the tunnel is working? You can check the ip nat translations and see if it is actually working.
Hope this info helps!!
Rate if it helps you!!
-JP-
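The two replies above fit together as follows on the 881. This is an added example, not configuration posted by either participant. The ACL name interestingtraffic comes from the reply; the addresses (192.168.10.0/24, 203.0.113.10), the ACL name NAT-RDP and the interface names Vlan1 and FastEthernet4 are assumptions.

```cisco
! Constructed values: inside LAN 192.168.10.0/24, RDP host 203.0.113.10,
! inside interface Vlan1, WAN interface FastEthernet4.
!
! Crypto ACL referenced by the crypto map. Entries are evaluated top-down
! and the first match wins, so the deny must sit above the permit that
! sends everything else through the tunnel to the ASA.
ip access-list extended interestingtraffic
 10 deny   ip 192.168.10.0 0.0.0.255 host 203.0.113.10
 20 permit ip 192.168.10.0 0.0.0.255 any
!
! Traffic denied by the crypto ACL leaves the WAN interface unencrypted,
! so it needs PAT to the router's public address. Permit only RDP
! (tcp/3389) to the one host, so that no other flow bypasses the tunnel
! and the central proxy.
ip access-list extended NAT-RDP
 10 permit tcp 192.168.10.0 0.0.0.255 host 203.0.113.10 eq 3389
!
interface Vlan1
 ip nat inside
!
interface FastEthernet4
 ip nat outside
!
ip nat inside source list NAT-RDP interface FastEthernet4 overload
!
! Verification from exec mode while an RDP session is open:
!   show ip nat translations   - expect an entry towards 203.0.113.10:3389
!   show crypto ipsec sa       - the RDP flow should not add to the
!                                tunnel's encaps counters
```

Because the crypto ACL deny covers all IP to the host while the NAT rule covers only tcp/3389, any other traffic to that address leaves untranslated and will not be routable on the internet, which keeps the exception limited to RDP.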