
Brian V 11-19-2005 10:43 PM

IOS VPN Web access without split tunneling?
 
Hey all,

Pulling my hair out here. Is there any way you know of to allow internet
access via an IOS VPN without allowing split tunneling?

internet----internet router----switch-----VPN Router-----Frame Router
|--------Firewall---Internal----|

Hopefully the ASCII comes out. Essentially the VPN Router and Firewall are in
parallel, Internal LAN hangs off inside firewall and F0 Frame router. VPN
Router goes from Outside to F1 on the Frame Router.

Tried PBR, but there's really nowhere to apply the route map to since it's
VPN, tried the outside just for giggles, no go.... tried adding the
backup-gateway x.x.x.x in the isakmp group, again, no go.

Only way I can think of doing this is proxy server or split tunneling,
neither is a viable option.

VPN Router running EIGRP for the internal 10net and a static default
pointing to the internet router.

Thanks,
-Brian



anybody43@hotmail.com 11-21-2005 07:45 AM

Re: IOS VPN Web access without split tunneling?
 
On Frame Router, default route is via Firewall.
On Firewall default route is via Internet router
On VPN router default route is via Internet.

On VPN router, use PBR to route all incoming traffic from VPN
via Frame Router.

Must be possible? Not up on PBR but can't believe that it's not.


Brian V 11-21-2005 11:06 AM

Re: IOS VPN Web access without split tunneling?
 

<anybody43@hotmail.com> wrote in message
news:1132559148.874856.309000@g49g2000cwa.googlegroups.com...
> On Frame Router, default route is via Firewall.
> On Firewall default route is via Internet router
> On VPN router default route is via Internet.
>
> On VPN router, use PBR to route all incoming traffic from VPN
> via Frame Router.
>
> Must be possible? Not up on PBR but can't believe that it's not.
>


Tried it....maybe I screwed up the PBR config...or maybe since it's VPN it's
still encrypted when it hits the interface and cannot apply the PBR.

route-map VPN permit 1
 set ip next-hop 10.101.229.1

access-list 1 permit 10.101.229.0 0.0.0.255

interface FastEthernet0/1
 description Outside
 ip address a.b.c.d 255.255.255.224
 crypto map clientmap
 ip policy route-map VPN




