Solved

Site to Site VPN Tunnels w/o routing all internet traffic through it

Posted on 2009-07-10
Last Modified: 2012-05-07
My boss wants me to set him up a site to site VPN tunnel from his house to the shop.  I know he isn't going to want all of his traffic flowing through that S2S VPN tunnel.

Is there a way to prevent this from happening, because short of disconnecting the S2S I can't think of one.

Thanks

Question by:millsusaf
LVL 77

Expert Comment

by:Rob Williams
ID: 24822513
By site-2-site I assume you mean using two VPN routers? If so, and you set the local router as the default gateway on the PC, Internet traffic will not be sent via the VPN, however if the PC is a member of the domain, DNS will be pointed to the corporate DNS server and the DNS traffic will be via the VPN, this is common.

If you mean he will be connecting to a VPN appliance using a VPN client you can allow local Internet traffic rather than using the VPN by enabling split-tunneling. This is enabled in different ways with different VPN solutions.
0
 
LVL 9

Expert Comment

by:hmare
ID: 24822541
Depending on the hardware you are using, a VPN can be set so that traffic going to a specific network goes through the VPN, all other traffic goes out to the WAN. What hardware are you using?
0
 

Author Comment

by:millsusaf
ID: 24822656
Sorry, two Cisco 2811 are the equipment.
0
LVL 9

Expert Comment

by:hmare
ID: 24822678
I am not good enough with the Cisco interface, but you should be able to establish the connection, and then create static routes sending work traffic one way, and internet traffic another. On the Sonicwall device we use, those rules are created automatically with the VPN policy.
0
 
LVL 5

Expert Comment

by:AngelGabriel
ID: 24822734
Remember the basic rules of VPN

* One side of the connection is going to be the server side, and the other side is the client.
* The client *should* only route traffic destined for the server side. That is, all other WAN traffic should go through the local gateway.

Only in certain cases would *ALL* internet traffic be routed over the VPN, mainly people who suffer from paranoia!

http://www.routergeek.net/content/view/50/37/

This link should get you started nicely - Hope that helps

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822755
I too am not familiar with that model Cisco, but the typical configuration is to route traffic for the remote subnet through the VPN, keep local subnet traffic local, and send all other traffic to the local default gateway. DNS can be different as mentioned. For a remote domain client to work properly it must use only your corporate server's DNS server, thus DNS requests, even for browsing, are handled by the corporate DNS server, but the actual web request is via the local gateway. This is very common, unless corporate office wants to manage (control) the Internet traffic.
0
 
LVL 8

Accepted Solution

by:
pgolding00 earned 500 total points
ID: 24829861
In creating the S2S VPN you define an access list on each router, and that access list is then used in the crypto config with the match address statement. The access list you define here determines what traffic goes in the VPN tunnel. Any traffic that does not match a permit statement in the access list will not be encrypted. All traffic will be sent to the default gateway (the router), and that router decides if it will encrypt and tunnel the traffic or just route it normally out onto the Internet.
0
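
The crypto access list described in the accepted solution, sketched as an IOS configuration for the home-side router. This is an added example, not configuration posted in the thread; the subnets, peer address, interface names, object names, DH group and key placeholder are all assumptions.

```cisco
! Home-side router. Constructed values: home LAN 192.168.10.0/24,
! shop LAN 10.1.1.0/24, shop peer 203.0.113.2 (documentation address),
! WAN = FastEthernet0/0, LAN = FastEthernet0/1.
!
! Crypto ACL: only home-LAN -> shop-LAN traffic is selected for the tunnel.
! Writing "permit ip 192.168.10.0 0.0.0.255 any" here instead would select
! all Internet-bound traffic for encryption, which the question wants to avoid.
ip access-list extended S2S-SHOP
 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! IKE phase 1 and IPsec transform. Both must match the shop router; the DH
! group is an assumption and depends on what the installed IOS image offers.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
crypto ipsec transform-set S2S-TS esp-aes 256 esp-sha-hmac
!
! The crypto map ties peer, transform set and crypto ACL together.
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set S2S-TS
 match address S2S-SHOP
!
interface FastEthernet0/0
 ip nat outside
 crypto map S2S-MAP
interface FastEthernet0/1
 ip nat inside
!
! NAT ACL: exempt tunnel traffic from NAT so it still matches S2S-SHOP,
! and translate everything else so it leaves via the local ISP unencrypted.
ip access-list extended NAT-INTERNET
 deny   ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-INTERNET interface FastEthernet0/0 overload
!
! Shop router: the crypto ACL is the mirror image of S2S-SHOP:
!  permit ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255
```

After the tunnel is up, `show crypto ipsec sa` lists the local and remote identities taken from the crypto ACL along with encaps/decaps counters; only traffic to the shop subnet should increment them.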
