04-08-2008 10:10 PM - edited 02-21-2020 03:39 PM
I have two Cisco 857Ws currently running a basic site-to-site VPN, configured successfully through SDM.
Site 1 LAN = 10.10.10.0 /24
Site 2 LAN = 10.10.20.0 /24
The client would now like all users to access the Internet only through Site 2's Internet connection, i.e. Site 1 must gain access through the VPN tunnel and out to the Internet through Site 2's router.
Can this be done? What needs to be changed on both routers' configs?
CURRENT CONFIG SITE 1 (relevant parts)
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxx address 111.222.333.444
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 111.222.333.444
 set peer 111.222.333.444
 set transform-set ESP-3DES-SHA
 match address 100
!
!
!
interface ATM0
 no shut
 no ip address
 no ip route-cache cef
 no ip route-cache
 load-interval 30
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description LOCAL_LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
!
interface Dialer0
 description ADSL Link FNN xxxxxxx
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname username@xxxxx.xxxxxx.net
 ppp chap password xxxxxx
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 20
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 22 remark SDM_ACL Category=17
access-list 22 permit 10.10.10.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 101
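The part of this change that is easy to get wrong on the Site 1 router is the pairing between the crypto ACL (ACL 100, referenced by `match address` in SDM_CMAP_1) and the NAT-exemption ACL (ACL 101, referenced by route-map SDM_RMAP_1): widening ACL 100 to `any` without also widening the `deny` in ACL 101 means the router PATs the packet to the Dialer0 address first, after which it no longer matches the crypto ACL and never enters the tunnel. The following is an added Python check, not part of the original post or of any Cisco tool, that parses an IOS config excerpt and reports every crypto-ACL permit that the NAT route-map would translate. The config excerpts are constructed from the posted Site 1 config; the "all via tunnel" variant is a hypothetical edit of ACL 100 and ACL 101 and covers only the Site 1 side (Site 2 would still need to NAT 10.10.10.0/24 on its own Dialer interface, which this check does not cover).

```python
import ipaddress
import re

# Constructed excerpt of the posted Site 1 config (only the crypto map, the NAT
# statement, the two ACLs and the route-map; sub-commands are indented as IOS shows them).
SITE1_CONFIG = """\
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 111.222.333.444
 match address 100
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 101
"""

# Hypothetical Site 1 edit: send everything from 10.10.10.0/24 through the tunnel and
# exempt all of it from local PAT (Site 1 then does no NAT of its own at all).
SITE1_ALL_VIA_TUNNEL = SITE1_CONFIG.replace(
    "access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255",
    "access-list 100 permit ip 10.10.10.0 0.0.0.255 any",
).replace(
    "access-list 101 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255\n"
    "access-list 101 permit ip 10.10.10.0 0.0.0.255 any",
    "access-list 101 deny ip 10.10.10.0 0.0.0.255 any",
)

# Hypothetical mistake: crypto ACL widened, NAT-exemption ACL left as posted.
SITE1_FORGOT_NAT_EXEMPTION = SITE1_CONFIG.replace(
    "access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255",
    "access-list 100 permit ip 10.10.10.0 0.0.0.255 any",
)

# Matches numbered extended ACL entries of the form used in the posted config.
ACE_RE = re.compile(
    r"^access-list\s+(\d+)\s+(permit|deny)\s+ip\s+"
    r"(any|host\s+\S+|\S+\s+\S+)\s+(any|host\s+\S+|\S+\s+\S+)\s*$"
)


def _net(token):
    """Turn an IOS address token ('any', 'host A', 'A WILDCARD') into an ip_network."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if token.startswith("host "):
        return ipaddress.ip_network(token.split()[1] + "/32")
    addr, wildcard = token.split()
    # ipaddress accepts a hostmask (IOS wildcard) in place of a prefix length.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)


def parse_acls(config):
    """Return {acl_number: [(action, src_network, dst_network), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # remarks and unrelated lines are skipped
        num, action, src, dst = m.groups()
        acls.setdefault(num, []).append((action, _net(src), _net(dst)))
    return acls


def _first_match_in_block(config, block_start, pattern):
    """Return group 1 of the first indented sub-command matching <pattern> inside the
    IOS block whose header line starts with <block_start>, or None."""
    inside = False
    for line in config.splitlines():
        if line.startswith(block_start):
            inside = True
            continue
        if inside:
            if line and not line[0].isspace():
                inside = False  # next top-level command ends the block
                continue
            m = re.match(pattern, line.strip())
            if m:
                return m.group(1)
    return None


def check_nat_exemption(config, map_name="SDM_CMAP_1"):
    """List crypto-ACL permits that the NAT route-map would translate before encryption.

    A crypto 'permit src dst' is safe only if the first NAT ACL entry covering that
    src/dst pair is a 'deny' (or no entry matches, since the implicit deny also means
    'no translation'). Returns a list of 'src -> dst' strings, empty when consistent.
    """
    acls = parse_acls(config)
    crypto_acl = _first_match_in_block(config, f"crypto map {map_name} ", r"match address (\d+)")
    rmap = re.search(r"^ip nat inside source route-map (\S+)", config, re.M)
    nat_acl = None
    if rmap:
        nat_acl = _first_match_in_block(config, f"route-map {rmap.group(1)} ", r"match ip address (\d+)")
    findings = []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        hit = next(((a, s, d) for a, s, d in acls.get(nat_acl, [])
                    if src.subnet_of(s) and dst.subnet_of(d)), None)
        if hit is not None and hit[0] == "permit":
            findings.append(f"{src} -> {dst}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SITE1_CONFIG),
                       ("all via tunnel", SITE1_ALL_VIA_TUNNEL),
                       ("forgot NAT exemption", SITE1_FORGOT_NAT_EXEMPTION)):
        print(f"{label}: {check_nat_exemption(cfg) or 'crypto ACL and NAT ACL consistent'}")
```

The check deliberately respects ACL order: a `deny` that appears after a broader `permit` in the NAT ACL does not count, which is exactly how IOS evaluates the route-map's match.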
04-14-2008 08:05 PM
Refer to "IOS Router to Pass a LAN-to-LAN IPSec Tunnel via PAT Configuration Example" for more information:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml