IOS VPN Web access without split tunneling?

Discussion in 'Cisco' started by Brian V, Nov 19, 2005.

  1. Brian V

    Brian V Guest

    Hey all,

    Pulling my hair out here. Is there any way you know of to allow internet
    access via an IOS VPN without allowing split tunneling?

    internet----internet router----switch-----VPN Router-----Frame Router
    |--------Firewall---Internal----|

    Hopefully the ASCII comes out. Essentially the VPN Router and Firewall are in
    parallel, Internal LAN hangs off inside firewall and F0 Frame router. VPN
    Router goes from Outside to F1 on the Frame Router.

    Tried PBR, but there's really nowhere to apply the route map to since it's
    VPN, tried the outside just for giggles, no go.... tried adding the
    backup-gateway x.x.x.x in the isakmp group, again, no go.

    Only way I can think of doing this is proxy server or split tunneling,
    neither is a viable option.

    VPN Router running EIGRP for the internal 10net and a static default
    pointing to the internet router.

    Thanks,
    -Brian
     
    Brian V, Nov 19, 2005
    #1

  2. Brian V

    Guest

    On Frame Router, default route is via Firewall.
    On Firewall default route is via Internet router
    On VPN router default route is via Internet.

    On VPN router, use PBR to route all incoming traffic from VPN
    via Frame Router.

    Must be possible? Not up on PBR but can't believe that it's not.
     
    , Nov 21, 2005
    #2

  3. Brian V

    Brian V Guest

    <> wrote in message
    news:...
    > On Frame Router, default route is via Firewall.
    > On Firewall default route is via Internet router
    > On VPN router default route is via Internet.
    >
    > On VPN router, use PBR to route all incoming traffic from VPN
    > via Frame Router.
    >
    > Must be possible? Not up on PBR but can't believe that it's not.
    >


    Tried it....maybe I screwed up the PBR config...or maybe since it's VPN it's
    still encrypted when it hits the interface and cannot apply the PBR.

    route-map VPN permit 1
     set ip next-hop 10.101.229.1

    access-list 1 permit 10.101.229.0 0.0.0.255

    interface FastEthernet0/1
     description Outside
     ip address a.b.c.d 255.255.255.224
     crypto map clientmap
     ip policy route-map VPN
     
    Brian V, Nov 21, 2005
    #3
