Solved

Site to Site VPN Tunnels w/o routing all internet traffic through it

Posted on 2009-07-10
Last Modified: 2012-05-07
My boss wants me to set him up a site to site VPN tunnel from his house to the shop.  I know he isn't going to want all of his traffic flowing through that S2S VPN tunnel.

Is there a way to prevent this from happening? Because short of disconnecting the S2S I can't think of one.

Thanks

Question by:millsusaf
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822513
By site-2-site I assume you mean using two VPN routers? If so, and you set the local router as the default gateway on the PC, Internet traffic will not be sent via the VPN. However, if the PC is a member of the domain, DNS will be pointed to the corporate DNS server and the DNS traffic will be via the VPN; this is common.

If you mean he will be connecting to a VPN appliance using a VPN client you can allow local Internet traffic rather than using the VPN by enabling split-tunneling. This is enabled in different ways with different VPN solutions.
0
 
LVL 9

Expert Comment

by:hmare
ID: 24822541
Depending on the hardware you are using, a VPN can be set so that traffic going to a specific network goes through the VPN, all other traffic goes out to the WAN. What hardware are you using?
0
 

Author Comment

by:millsusaf
ID: 24822656
Sorry, two Cisco 2811 are the equipment.
0
 
LVL 9

Expert Comment

by:hmare
ID: 24822678
I am not good enough with the Cisco interface, but you should be able to establish the connection, and then create static routes sending work traffic one way, and internet traffic another. On the Sonicwall device we use, those rules are created automatically with the VPN policy.
0
 
LVL 5

Expert Comment

by:AngelGabriel
ID: 24822734
Remember the basic rules of VPN

* One side of the connection is going to be the server side, and the other side is the client.
* The client *should* only route traffic destined for the server side. That is, all other WAN traffic should go through the local gateway.

Only in certain cases would *ALL* internet traffic be routed over the VPN, mainly people who suffer from paranoia!

http://www.routergeek.net/content/view/50/37/

This link should get you started nicely - Hope that helps

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822755
I too am not familiar with that model Cisco, but the typical configuration is to route traffic for the remote subnet through the VPN, keep local subnet traffic local, and send all other traffic to the local default gateway. DNS can be different as mentioned. For a remote domain client to work properly it must use only your corporate server's DNS server, thus DNS requests, even for browsing, are handled by the corporate DNS server, but the actual web request is via the local gateway. This is very common, unless corporate office wants to manage (control) the Internet traffic.
0
 
LVL 8

Accepted Solution

by:
pgolding00 earned 500 total points
ID: 24829861
In creating the S2S VPN you define an access list on each router, and that access list is then used in the crypto config with the match address statement. The access list you define here determines what traffic goes in the VPN tunnel. Any traffic that does not match a permit statement in the access list will not be encrypted. All traffic will be sent to the default gateway (the router), and that router decides if it will encrypt and tunnel the traffic or just route it normally out onto the Internet.
0
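
The crypto access list described in the accepted answer, written out as an added example (not configuration posted by anyone in this thread). The subnets, peer addresses, object names and interface are constructed placeholders, and the NAT section assumes the home router also does NAT overload for Internet access, with `ip nat inside` / `ip nat outside` already set on its interfaces.

```cisco
! --- Home router (constructed addressing) ---
! Home LAN 192.168.10.0/24, shop LAN 192.168.20.0/24,
! shop router public address 198.51.100.2 (documentation range).
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 ! use the strongest DH group the installed IOS image supports
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
crypto ipsec transform-set S2S-SET esp-aes 256 esp-sha-hmac
!
! Crypto ACL: only home-LAN -> shop-LAN traffic is permitted here,
! so only that traffic is encrypted. Everything else falls through
! and is routed out to the Internet normally.
! Do NOT use "permit ip any any" here: that would tunnel everything.
ip access-list extended VPN-TO-SHOP
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set S2S-SET
 match address VPN-TO-SHOP
!
interface FastEthernet0/0
 description WAN (assumed interface name)
 crypto map S2S-MAP
!
! NAT exemption (assumption: this router does PAT for the home LAN).
! Tunnel-bound traffic must be denied from NAT, otherwise it is
! translated first and no longer matches the crypto ACL.
ip access-list extended NAT-INTERNET
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-INTERNET interface FastEthernet0/0 overload
!
! --- Shop router: the crypto ACL must be the exact mirror image ---
ip access-list extended VPN-TO-HOME
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
```

After the tunnel is up, `show crypto ipsec sa` lists the local and remote identities taken from the crypto ACL, and its encaps/decaps counters should increase only for shop-bound traffic.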


Question has a verified solution.
