Forcing LAN traffic through tunnel first
Posted on 2009-05-08
I have 2 sites connected with an IPsec tunnel. I can ping and exchange works between sites, but if I do a tracert from one side to the other, it sends it out the LAN side of the gateway (192.168.x.1) and then dies.
I have an ACL that looks like this:
access-list 110 permit ip 192.168.9.0 0.0.0.255 192.168.57.0 0.0.0.255
access-list 111 deny ip 192.168.9.0 0.0.0.255 192.168.57.0 0.0.0.255
access-list 111 permit ip 192.168.9.0 0.0.0.255 any
Inside source list mapped to 111:
ip nat inside source list 111 interface FastEthernet4 overload
And the crypto is mapped to 110.
If I tracert from a LAN workstation, it dies after it hits 9.1. If I traceroute from the router, I get the ISP gateway and then the next hop, but then it dies.
So basically what I need is for both sides to send all LAN traffic through the tunnel.
Any help appreciated. Thanks.
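
How the two access lists in the post classify a packet, as an added example that is not part of the original post: a small Python model of IOS first-match evaluation with wildcard masks and the implicit deny. Only the ACL entries come from the post; the function names and the sample packet addresses are constructed for illustration.

```python
import ipaddress

# ACL entries copied from the post: (action, src, src_wildcard, dst, dst_wildcard).
# A dst of "any" carries no wildcard.
ACLS = {
    110: [("permit", "192.168.9.0", "0.0.0.255", "192.168.57.0", "0.0.0.255")],
    111: [
        ("deny", "192.168.9.0", "0.0.0.255", "192.168.57.0", "0.0.0.255"),
        ("permit", "192.168.9.0", "0.0.0.255", "any", None),
    ],
}

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard mask are ignored."""
    if base == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in ACLS[acl]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def classify(src, dst):
    """Return (selected by crypto ACL 110, translated by NAT ACL 111)."""
    return evaluate(110, src, dst) == "permit", evaluate(111, src, dst) == "permit"

# Constructed sample packets (addresses are illustrative, not from the post).
SAMPLES = [
    ("192.168.9.20", "192.168.57.10"),  # LAN host to the remote LAN
    ("192.168.9.20", "198.51.100.7"),   # LAN host to an Internet address
    ("203.0.113.2", "192.168.57.10"),   # source outside 192.168.9.0/24
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        tunnel, nat = classify(src, dst)
        print(f"{src} -> {dst}: tunnel={tunnel} nat={nat}")
```

A packet is selected for the tunnel only when both its source and destination fall inside the ranges in list 110, so anything sourced from an address outside 192.168.9.0/24 is neither encrypted nor translated by these lists.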