Internet Through Ipsec Tunnel


  • Internet Through Ipsec Tunnel

    I have 2 sites; one has a 2821 and the other an 871. There is currently an IPsec tunnel connecting the two. Is it possible to redirect internet through the tunnel, so the internet is provided by the main site to make use of the web filter?

  • #2
    Re: Internet Through Ipsec Tunnel

    Sure, you can do that. Just disable split-tunneling if you're using it and force all traffic through the tunnel. Keep in mind that if this is an IPsec VPN there is a lot of overhead added to each packet, so it may slow down internet access depending on what your local internet connection is.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: Internet Through Ipsec Tunnel

      What exactly would I need to do to do that? I am attaching my config so you get an idea of what I'm working with. Thanks


      • #4
        Re: Internet Through Ipsec Tunnel

        You can remove this ACL, the route-map and the NAT statement:

        ip access-list extended inet-traffic
        deny ip 10.1.7.0 0.0.0.255 10.0.0.0 0.255.255.255
        deny ip 10.1.7.0 0.0.0.255 192.168.0.0 0.0.255.255
        deny ip 10.1.7.0 0.0.0.255 172.16.0.0 0.15.255.255
        permit ip 10.1.0.0 0.0.255.255 any

        route-map NAT permit 10
        match ip address inet-traffic

        ip nat inside source route-map NAT interface Vlan2 overload

        Might as well remove the in nat statements on your interfaces too.

        This should be enough to force all traffic via the tunnel as this acl specifically states all traffic sourced from 10.1.7.0 should traverse the tunnel which is then referenced in the crypto map.

        ip access-list extended REC2COB
        remark REC VPN to COB
        permit ip 10.1.7.0 0.0.0.255 10.1.1.0 0.0.0.255

        crypto map VPN 15 ipsec-isakmp
        description Tunnel to COB
        set peer x.x.x.150
        set transform-set 3DES
        match address REC2COB

        As always, back up your config prior to making changes. Remove the following and verify the tunnel is still up.

        !
        Last edited by auglan; 21st April 2010, 02:48.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)
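
Before and after a change like this, it helps to check which flows the crypto map's `match address` ACL selects for encryption and which the route-map ACL selects for NAT. The evaluator below is an added example, not part of the original thread; it runs the two ACLs quoted in post #4 against sample flows, and the function names, the source host 10.1.7.5 and the destination addresses are constructed for illustration.

```python
import ipaddress

# ACLs copied from the config quoted in post #4 (IOS wildcard-mask syntax).
INET_TRAFFIC = """
deny ip 10.1.7.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 10.1.7.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 10.1.7.0 0.0.0.255 172.16.0.0 0.15.255.255
permit ip 10.1.0.0 0.0.255.255 any
"""
REC2COB = """
remark REC VPN to COB
permit ip 10.1.7.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(first), _to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' entries; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] in ("permit", "deny") and tokens[1] == "ip":
            rest = tokens[2:]
            entries.append((tokens[0], _take_addr(rest), _take_addr(rest)))
    return entries

def _hit(ip, spec):
    addr, wildcard = spec
    # Wildcard bit 1 = "don't care", so compare only the bits where it is 0.
    return ((_to_int(ip) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_text, src_ip, dst_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src, dst in parse_acl(acl_text):
        if _hit(src_ip, src) and _hit(dst_ip, dst):
            return action
    return "deny"

# Constructed sample flows from a host on the 10.1.7.0/24 LAN.
for dst in ("10.1.1.10", "203.0.113.10"):
    print(dst, "crypto ACL:", evaluate(REC2COB, "10.1.7.5", dst),
          "| NAT ACL:", evaluate(INET_TRAFFIC, "10.1.7.5", dst))
```

A `permit` from the crypto ACL means the flow is selected for the tunnel; a `permit` from the route-map ACL means the flow is translated by the overload NAT rule.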



        • #5
          Re: Internet Through Ipsec Tunnel

          Wow, thanks, that makes sense. 2 questions though: first, will I need to make any changes on the main facility router? Does this mean I'll have to change gateways on the local machines to be the gateway of the destination? How does the router hand that off?



          • #6
            Re: Internet Through Ipsec Tunnel

            You would want to make sure web traffic is allowed at the other end of the tunnel. Double check any ACLs on the main end. Yes, you may need to change your DHCP configuration on the router to use the DNS servers at the main branch.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)



            • #7
              Re: Internet Through Ipsec Tunnel

              I looked at my main router config and don't see anything that would prevent traffic from the remote side. Could you take a look and see if you see any potential issue? Thanks


              • #8
                Re: Internet Through Ipsec Tunnel

                Yeah, I don't see anything preventing it, so it should be good.
                CCNA, CCNA-Security, CCNP
                CCIE Security (In Progress)
