Send all traffic through the VPN tunnel

jgadbois
Level 1

Does anyone know how to send all traffic through the VPN tunnel on both sides? I have an EZVPN server on one side and an EZVPN client on the other. I am not NATing on either side. I am using the default "tunnelall" for the group policy attributes. On the client side all traffic, even if not destined for the server-side subnet, seems to flow through the tunnel. But if I ping from the server side, the same rules don't seem to apply. Traffic destined for the client side flows through the tunnel, but traffic that isn't gets pumped out the outside interface in the clear. Which is not cool.

1 Accepted Solution

Accepted Solutions

Parminder Sian
Level 1

Hi,

Traffic from client to server goes through the tunnel, this is correct, right?

Traffic from server to client goes through the tunnel, however the rest of the traffic does not, right?

This is working as expected because in EZVPN, the "tunnel all" policy is for traffic that is coming from the client, not leaving the server.

From the server side, traffic to the client will go through the tunnel; the rest won't.

Sian


2 Replies


You are absolutely correct. I guess I just assumed that a "policy" was a "policy" and that it applied to both sides. But....

I was surprised to find that traffic from the server to any subnet other than the client side of the tunnel would come out of the outside interface in the clear. But I fixed it with an access list on the inside interface. I would like to take credit for the fix but I called TAC. Now everything flows the way I want it to. I block everything not destined for the client side. And it works!
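As an added illustration of the behaviour Sian describes and of the inside-interface access list the original poster ended up with (example configuration added here, not the configuration either of them posted): the `tunnelall` split-tunnel attribute is pushed to the EZVPN client and only decides what the client sends into the tunnel. Hosts behind the server are steered by the server's ordinary routing table, so anything not matching the tunnel's crypto map for the client subnet is routed out the outside interface unencrypted. An inbound ACL on the server's inside interface makes that case fail closed. This assumes an ASA-style EZVPN server (the `tunnelall` group-policy attribute the question refers to), a server-side inside network of 10.1.1.0/24, a client-side network of 10.2.2.0/24, and the names `EZVPN-GROUP`, `INSIDE-TO-CLIENT` and `inside`, all of which are placeholders.

```cisco
! Group policy pushed to the EZVPN client. This is the only side the
! split-tunnel attribute governs: the client tunnels everything.
group-policy EZVPN-GROUP attributes
 split-tunnel-policy tunnelall
!
! Server side: the inside interface only admits traffic bound for the
! client-side subnet (placeholder addresses). Everything else is dropped
! and logged instead of being routed out the outside interface in the clear.
access-list INSIDE-TO-CLIENT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list INSIDE-TO-CLIENT extended deny ip any any log
access-group INSIDE-TO-CLIENT in interface inside
```

The explicit `deny ip any any log` is what the poster describes as blocking everything not destined for the client side; the `log` keyword makes any host that tries to reach a non-client destination show up in the syslog, which is the quickest way to see whether anything legitimate (DNS, management, updates) still needs an explicit `permit` placed above the deny. To confirm the control before trusting it, run `packet-tracer input inside icmp 10.1.1.10 8 0 203.0.113.5` on the ASA and check that the flow is dropped in the ACCESS-LIST phase, then repeat with a 10.2.2.x destination and check that it is allowed and encrypted in the VPN phase. This ACL does not change the client side at all; the client's own tunnel-all behaviour should still be verified separately from a host behind the client.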