• Status: Solved
  • Priority: Medium
  • Security: Public

EZVpn Cisco 881w

Hello,

I currently have an 881w with an ezvpn setup to the company lan. One of the switch ports on the router is meant for the VPN, and the other three are meant for any devices needing to go straight out to the internet. I have tried numerous configurations, but have had no luck. Any suggestions or help would be greatly appreciated.
FunkyBrown
Asked:
1 Solution
 
alewis9777 Commented:
Your crypto map is going to be applied to your WAN interface, which is going to route traffic to the other side of your VPN tunnel (company LAN) via an access-list that defines what traffic is (company LAN). If you implement split tunneling, then your internet traffic will go out your WAN interface to your ISP and not the company LAN for internet services.

The other LAN ports on the router by default will grab a DHCP address from the pool and be used as a normal LAN interface. If they send traffic that matches the access-list destined for the company LAN, it will go; otherwise, if split tunneling is allowed, their traffic will go out to the internet, bypassing the company LAN.

Hope this helps.
FunkyBrown (Author) Commented:
So pretty much what you're saying is that my only option is to enable split tunnelling, set up two separate VLANs, and then deny/allow traffic according to how it is supposed to?
alewis9777 Commented:
For the clients connected to the additional LAN ports on the router, do you not want them to have VPN access to the company LAN?

https://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_example09186a008073e078.shtml

In that example config, read the comments on the section for split tunneling. All split tunneling is, is an access list where you specify what traffic you want encrypted (going to the company LAN). All other traffic that does not meet that access list will be unencrypted and sent out to the internet.
FunkyBrown (Author) Commented:
No, I just want one of the ports for the company LAN. The other three will be used for the users' personal use. I know it's not an ideal setup, but that's the configuration they want for the clients. I will read through that link.
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
Question has a verified solution.
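
The forwarding decision discussed in the thread above, as an added example that is not from any poster or from Cisco: a simplified Python model showing that a split-tunnel access list matches on destination only, so the personal ports are kept off the company LAN only once a source-based deny for their VLAN is added. The VLAN names, subnets and function names are assumptions made up for illustration.

```python
"""Constructed model of the split-tunnel decision discussed in the thread.
All VLAN names, subnets and function names are assumptions, not thread values."""
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed for illustration).
COMPANY_LAN = ip_network("10.0.0.0/8")          # what the split-tunnel ACL marks "encrypt"
VLAN_SUBNETS = {
    "work": ip_network("192.168.10.0/24"),      # the one VPN switch port
    "personal": ip_network("192.168.20.0/24"),  # the three internet-only ports
}
SPLIT_TUNNEL_ACL = [COMPANY_LAN]


def source_vlan(src):
    """Return the VLAN name whose subnet contains src, or None."""
    addr = ip_address(src)
    for name, net in VLAN_SUBNETS.items():
        if addr in net:
            return name
    return None


def forward(src, dst, isolate_personal):
    """Return 'tunnel', 'internet' or 'drop' for one packet.

    isolate_personal=False models split tunneling alone: only the destination
    is checked. True adds a source-based deny for the personal VLAN.
    """
    vlan = source_vlan(src)
    if vlan is None:
        return "drop"  # not from a known LAN subnet
    to_company = any(ip_address(dst) in net for net in SPLIT_TUNNEL_ACL)
    if not to_company:
        return "internet"  # unmatched traffic leaves the WAN unencrypted
    if isolate_personal and vlan == "personal":
        return "drop"  # personal ports may not reach the company LAN
    return "tunnel"


if __name__ == "__main__":
    for src, dst in [("192.168.10.5", "10.1.2.3"), ("192.168.20.7", "10.1.2.3"),
                     ("192.168.20.7", "198.51.100.9")]:
        print(src, dst, forward(src, dst, False), forward(src, dst, True))
```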