Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Site to Site VPN Tunnels w/o routing all interenet traffic though it

Posted on 2009-07-10
8
Medium Priority
?
255 Views
Last Modified: 2012-05-07
My boss wants me to set him up a site to site VPN tunnel from his house to the shop.  I know he isn't going to want all of his traffic flowing though that S2S VPN tunnel.

Is there a way to prevent this from happening becasue short of disconnecting the S2S I can't think of one.

Thanks

0
Comment
Question by:millsusaf
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822513
By site-2-site I assume you mean using two VPN routers? If so, and you set the local router as the default gateway on the PC, Internet traffic will not be sent via the VPN, however if the PC is a member of the domain, DNS will be pointed to the corporate DNS server and the DNS traffic will be via the VPN, this is common.

If you mean he will be connecting to a VPN appliance using a VPN client you can allow local Internet traffic rather than using the VPN by enabling split-tunneling. This is enabled in different ways with different VPN solutions.
0
 
LVL 9

Expert Comment

by:hmare
ID: 24822541
Depending on the hardware you are using, a VPN can be set so that traffic going to a specific network goes through the VPN, all other traffic goes out to the WAN. What hardware are you using?
0
 

Author Comment

by:millsusaf
ID: 24822656
Sorry, two Cisco 2811 are the equipment.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Expert Comment

by:hmare
ID: 24822678
I am not good enough with Cisco interface, but you should be able to establish the connection, and than create static routes sending work traffic one way, and internet traffic another. On the Sonicwall device we use, those rules are created automatically with the VPN policy.
0
 
LVL 5

Expert Comment

by:AngelGabriel
ID: 24822734
Remember the basic rules of VPN

* One side of the connection is going to be the server side, and the other side is the client.
* The client *should* only route traffic destined for the server side. That is all other WAN traffic, should go through the local gateway

Only in certain cases, would *ALL* internet traffic be routed over the VPN, mainly people who suffer from paranoia!

http://www.routergeek.net/content/view/50/37/

This link should get you started nicely - Hope that helps

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822755
I too am not familiar with that model Cisco, but the typical configuration is to route traffic for the remote subnet through the VPN, keep local subnet traffic local, and send all other traffic to the local default gateway. DNS can be different as mentioned. For a remote domain client to work properly it must use only your corporate server's DNS server, thus DNS requests, even for browsing, are handled by the corporate DNS server, but the actual web request is via the local gateway. This is very common, unless corporate office wants to manage (control) the Internet traffic.
0
 
LVL 8

Accepted Solution

by:
pgolding00 earned 2000 total points
ID: 24829861
in creating the s2s vpn you define an access list on each router and that access list is then used in the crypto config with the match address statement. the access list you define here determines what traffic goes in the vpn tunnel. any traffic that does not match a permit statement in the access list will not be encrypted. all traffic will be sent to the default gateway (the router) and that router decides if it will encrypt and tunnel the traffic or just route it normally out onto the internet.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question