[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

Site to Site VPN Tunnels w/o routing all interenet traffic though it

My boss wants me to set him up a site to site VPN tunnel from his house to the shop.  I know he isn't going to want all of his traffic flowing though that S2S VPN tunnel.

Is there a way to prevent this from happening becasue short of disconnecting the S2S I can't think of one.

Thanks

0
millsusaf
Asked:
millsusaf
1 Solution
 
Rob WilliamsCommented:
By site-2-site I assume you mean using two VPN routers? If so, and you set the local router as the default gateway on the PC, Internet traffic will not be sent via the VPN, however if the PC is a member of the domain, DNS will be pointed to the corporate DNS server and the DNS traffic will be via the VPN, this is common.

If you mean he will be connecting to a VPN appliance using a VPN client you can allow local Internet traffic rather than using the VPN by enabling split-tunneling. This is enabled in different ways with different VPN solutions.
0
 
hmareCommented:
Depending on the hardware you are using, a VPN can be set so that traffic going to a specific network goes through the VPN, all other traffic goes out to the WAN. What hardware are you using?
0
 
millsusafAuthor Commented:
Sorry, two Cisco 2811 are the equipment.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
hmareCommented:
I am not good enough with Cisco interface, but you should be able to establish the connection, and than create static routes sending work traffic one way, and internet traffic another. On the Sonicwall device we use, those rules are created automatically with the VPN policy.
0
 
AngelGabrielCommented:
Remember the basic rules of VPN

* One side of the connection is going to be the server side, and the other side is the client.
* The client *should* only route traffic destined for the server side. That is all other WAN traffic, should go through the local gateway

Only in certain cases, would *ALL* internet traffic be routed over the VPN, mainly people who suffer from paranoia!

http://www.routergeek.net/content/view/50/37/

This link should get you started nicely - Hope that helps

0
 
Rob WilliamsCommented:
I too am not familiar with that model Cisco, but the typical configuration is to route traffic for the remote subnet through the VPN, keep local subnet traffic local, and send all other traffic to the local default gateway. DNS can be different as mentioned. For a remote domain client to work properly it must use only your corporate server's DNS server, thus DNS requests, even for browsing, are handled by the corporate DNS server, but the actual web request is via the local gateway. This is very common, unless corporate office wants to manage (control) the Internet traffic.
0
 
pgolding00Commented:
in creating the s2s vpn you define an access list on each router and that access list is then used in the crypto config with the match address statement. the access list you define here determines what traffic goes in the vpn tunnel. any traffic that does not match a permit statement in the access list will not be encrypted. all traffic will be sent to the default gateway (the router) and that router decides if it will encrypt and tunnel the traffic or just route it normally out onto the internet.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now