Solved

Site to Site VPN Tunnels w/o routing all internet traffic through it

Posted on 2009-07-10
Last Modified: 2012-05-07
My boss wants me to set him up a site to site VPN tunnel from his house to the shop.  I know he isn't going to want all of his traffic flowing through that S2S VPN tunnel.

Is there a way to prevent this from happening because, short of disconnecting the S2S, I can't think of one.

Thanks

Question by:millsusaf
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822513
By site-2-site I assume you mean using two VPN routers? If so, and you set the local router as the default gateway on the PC, Internet traffic will not be sent via the VPN. However, if the PC is a member of the domain, DNS will be pointed to the corporate DNS server and the DNS traffic will be via the VPN; this is common.

If you mean he will be connecting to a VPN appliance using a VPN client, you can allow local Internet traffic rather than using the VPN by enabling split-tunneling. This is enabled in different ways with different VPN solutions.
0
 
LVL 9

Expert Comment

by:hmare
ID: 24822541
Depending on the hardware you are using, a VPN can be set so that traffic going to a specific network goes through the VPN and all other traffic goes out to the WAN. What hardware are you using?
0
 

Author Comment

by:millsusaf
ID: 24822656
Sorry, two Cisco 2811 are the equipment.
0

 
LVL 9

Expert Comment

by:hmare
ID: 24822678
I am not good enough with the Cisco interface, but you should be able to establish the connection, and then create static routes sending work traffic one way, and Internet traffic another. On the SonicWall device we use, those rules are created automatically with the VPN policy.
0
 
LVL 5

Expert Comment

by:AngelGabriel
ID: 24822734
Remember the basic rules of VPN

* One side of the connection is going to be the server side, and the other side is the client.
* The client *should* only route traffic destined for the server side. That is, all other WAN traffic should go through the local gateway.

Only in certain cases would *ALL* internet traffic be routed over the VPN, mainly people who suffer from paranoia!

http://www.routergeek.net/content/view/50/37/

This link should get you started nicely - Hope that helps

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24822755
I too am not familiar with that model Cisco, but the typical configuration is to route traffic for the remote subnet through the VPN, keep local subnet traffic local, and send all other traffic to the local default gateway. DNS can be different as mentioned. For a remote domain client to work properly it must use only your corporate server's DNS server, thus DNS requests, even for browsing, are handled by the corporate DNS server, but the actual web request is via the local gateway. This is very common, unless corporate office wants to manage (control) the Internet traffic.
0
 
LVL 8

Accepted Solution

by:pgolding00 earned 500 total points
ID: 24829861
In creating the S2S VPN you define an access list on each router, and that access list is then used in the crypto config with the match address statement. The access list you define here determines what traffic goes in the VPN tunnel. Any traffic that does not match a permit statement in the access list will not be encrypted. All traffic will be sent to the default gateway (the router) and that router decides if it will encrypt and tunnel the traffic or just route it normally out onto the Internet.
0
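
The behaviour described in the accepted solution, as an added example that is not part of the original thread: a small Python check that reads the access list named by `match address` in an IOS excerpt and reports which flows would be encrypted and which would be routed normally. The ACL name, crypto map name, subnets and peer address are constructed placeholders, the function names are hypothetical, and only `ip` entries with contiguous wildcard masks are modelled.

```python
import ipaddress
import re

# Constructed IOS excerpt for the home router; names and addresses are placeholders.
CONFIG = """\
ip access-list extended VPN-TO-SHOP
 permit ip 192.168.10.0 0.0.0.255 10.1.0.0 0.0.255.255
crypto map S2S 10 ipsec-isakmp
 set peer 203.0.113.10
 match address VPN-TO-SHOP
"""

def _net(tok):
    """Consume one ACL address spec (any | host A | A WILDCARD); return (network, rest)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Wildcard masks are inverted netmasks; only contiguous ones are handled here.
    prefix = 32 - bin(int(ipaddress.IPv4Address(tok[1]))).count("1")
    return ipaddress.ip_network(f"{tok[0]}/{prefix}", strict=False), tok[2:]

def crypto_acl(config):
    """Return [(action, src_net, dst_net)] for the ACL named by 'match address'."""
    name = re.search(r"^\s*match address (\S+)", config, re.M).group(1)
    entries, inside = [], False
    for line in config.splitlines():
        if line.startswith("ip access-list extended "):
            inside = line.split()[-1] == name
        elif inside and line.startswith(" "):
            action, _proto, *rest = line.split()
            if action in ("permit", "deny"):  # skip remarks and the like
                src, rest = _net(rest)
                entries.append((action, src, _net(rest)[0]))
        else:
            inside = False
    return entries

def disposition(entries, src, dst):
    """First matching entry wins; anything not permitted is left unencrypted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return "tunnel" if action == "permit" else "route normally"
    return "route normally"

def full_tunnel_entries(entries):
    """Permit entries whose destination is 'any' pull all Internet traffic into the VPN."""
    return [e for e in entries if e[0] == "permit" and e[2].prefixlen == 0]
```

Running `full_tunnel_entries` over each router's crypto ACL is a quick review step: an empty result means only the listed remote subnets are tunnelled and everything else leaves through the local gateway.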
