
Tunnel VPN traffic coming from router

serotonin888
Level 1

Hi All,

We have deployed Cisco 837s to our sales reps with a VPN tunnel back to HQ for email access. The 837 allocates an IP address and DNS servers via DHCP. I have configured the DHCP pool to give out the addresses of 2 internal DNS servers. However, when the user tries to access email and resolve an internal name, the Windows client appears to time out connecting to the DNS server (as the security association is being built).

I was thinking that to keep the SA open I could run the 837 as an NTP client with the server being in the same subnet as the DNS servers. This would mean the SA is always up.

However, I'm not sure how to tell the Cisco router to encrypt traffic coming from itself, as it always wants to use the public IP address.

On the PIX I think the command was "management interface inside" but I'm not sure what the similar command is on a router.

Any ideas?

thanks

Andy

1 Reply

vmoopeung
Level 5

The following configuration would not be commonly used, but was designed to allow Cisco Secure VPN Client IPSec tunnel termination on a central router. As the tunnel comes up, the PC receives its IP address from the central router's IP address pool (in our example, the router is named "moss"), then the pool traffic can reach the local network behind moss or be routed and encrypted to the network behind the outlying router (in our example, the router is named "carter"). In addition, traffic from private network 10.13.1.X to 10.1.1.X is encrypted; the routers are doing NAT overload.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800ef7ba.shtml