IOS VPN Web access without split tunneling?

Discussion in 'Cisco' started by Brian V, Nov 19, 2005.

  1. Brian V

    Brian V Guest

    Hey all,

    Pulling my hair out here. Is there any way you know of to allow internet
    access via an IOS VPN without allowing split tunneling?

    internet----internet router----switch-----VPN Router-----Frame Router
    |--------Firewall---Internal----|

    Hopefully the ASCII comes out. Essentially the VPN Router and Firewall are in
    parallel, Internal LAN hangs off inside firewall and F0 Frame router. VPN
    Router goes from Outside to F1 on the Frame Router.

    Tried PBR, but there's really nowhere to apply the route map to since it's
    VPN, tried the outside just for giggles, no go.... tried adding the
    backup-gateway x.x.x.x in the isakmp group, again, no go.

    Only way I can think of doing this is proxy server or split tunneling,
    neither is a viable option.

    VPN Router running EIGRP for the internal 10net and a static default
    pointing to the internet router.

    Thanks,
    -Brian
     
    Brian V, Nov 19, 2005
    #1

  2. Brian V

    anybody43 Guest

    On Frame Router, default route is via Firewall.
    On Firewall default route is via Internet router.
    On VPN router default route is via Internet.

    On VPN router, use PBR to route all incoming traffic from VPN
    via Frame Router.

    Must be possible? Not up on PBR but can't believe that it's not.
     
    anybody43, Nov 21, 2005
    #2

  3. Brian V

    Brian V Guest

    Tried it....maybe I screwed up the PBR config...or maybe since it's VPN it's
    still encrypted when it hits the interface and cannot apply the PBR.

    route-map VPN permit 1
     set ip next-hop 10.101.229.1

    access-list 1 permit 10.101.229.0 0.0.0.255

    interface FastEthernet0/1
     description Outside
     ip address a.b.c.d 255.255.255.224
     crypto map clientmap
     ip policy route-map VPN
     
    Brian V, Nov 21, 2005
    #3