
route VPN traffic through one-leg router

pavlosd
Level 2

Can you route IPSEC/VPN traffic through the same interface (or by using a loopback address)?

To be more specific: suppose you have a LAN with a couple of servers and an existing networking infrastructure. You want to enable a VPN tunnel for a server to communicate with another LAN, but you do not want to intercept the communication of the server with the rest of the LAN. Is it possible to add a router in the LAN (one-leg Ethernet) and have it act as a gateway (unencrypted and encrypted traffic comes in and out of the same interface)?

Regards.

3 Replies

ehirsel
Level 6

It is possible with a Cisco router. You would need to use route-maps along with loopback addresses to accomplish what you want to do. I have done that before, so I can help in more detail if needed.

If the server is running code that is capable of using IEEE 802.1Q VLAN tagging, then an even better idea is to use subinterfaces on the IOS router, which would work in lieu of loopback and route-maps. It may actually make the config easier to read and maintain. I am using this technique in the org that I currently work for.

Let me know if you need more help.

Hi,

Great news. Is it possible to have a sample configuration? So you use the loopback as an outbound interface?

Can anyone provide me an example?