EZVpn Cisco 881w


I currently have an 881w with an ezvpn setup to the company lan. One of the switch ports on the router is meant for the VPN, and the other three are meant for any devices needing to go straight out to the internet. I have tried numerous configurations, but have had no luck. Any suggestions or help would be greatly appreciated.

Your crypto map is going to be applied to your wan interface which is going to route traffic to the other side of your vpn tunnel (company lan) via an access-list that defines what traffic is (company lan).  If you implement split tunneling then your internet traffic will go out your wan interface to your ISP and not the company lan for internet services.

The other lan ports on the router by default will grab a dhcp address from the pool and be used as a normal lan interface. If they send traffic that matches the access-list destined for the company lan, it will go; otherwise, if split tunneling is allowed, their traffic will go out to the internet, bypassing the company lan.

Hope this helps.
FunkyBrown (Author) commented:
So pretty much what you're saying is that my only option is to enable split tunnelling, set up two separate vlans, and then deny/allow traffic according to how it is supposed to?
For the clients connected to the additional lan ports on the router do you not want them to have VPN access to the company lan?


In that example config read the comments on the section for split tunneling.  All split tunneling is an access list that you tell what traffic you want encrypted (going to company lan).  All other traffic that does not meet that access list will be unencrypted and sent out to the internet.
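
Added example, not part of the original thread: a small Python model of the split-tunnel decision the answers describe, where the first matching access-list entry decides whether a flow is encrypted to the company lan or sent out the wan. The subnets, flow labels and function names are assumptions made for illustration, and CIDR prefixes stand in for IOS wildcard masks.

```python
"""Model of the split-tunnel decision described above (added example).

Crypto ACL semantics: first matching entry wins; permit = encrypt into the
tunnel, deny or no match (implicit deny) = send unencrypted out the WAN.
All subnets below are constructed placeholders, not from the thread.
"""
from ipaddress import ip_address, ip_network

COMPANY_LAN = ip_network("10.10.0.0/16")       # assumed company LAN
VPN_VLAN = ip_network("192.168.10.0/24")       # assumed: the one VPN switch port
PERSONAL_VLAN = ip_network("192.168.20.0/24")  # assumed: the three personal ports
ANY = ip_network("0.0.0.0/0")

# Entries are (action, source, destination), evaluated top-down.
ACL_DEST_ONLY = [("permit", ANY, COMPANY_LAN)]
ACL_SOURCE_SCOPED = [
    ("deny", PERSONAL_VLAN, COMPANY_LAN),  # explicit, so the intent is visible
    ("permit", VPN_VLAN, COMPANY_LAN),
]


def path_for(src, dst, acl):
    """Return 'tunnel' if the crypto ACL permits the flow, else 'internet'."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return "tunnel" if action == "permit" else "internet"
    return "internet"  # implicit deny: not encrypted, leaves via the WAN


FLOWS = [  # constructed sample flows: (label, source, destination)
    ("vpn port -> company", "192.168.10.20", "10.10.5.5"),
    ("vpn port -> web", "192.168.10.20", "198.51.100.7"),
    ("personal -> web", "192.168.20.30", "198.51.100.7"),
    ("personal -> company", "192.168.20.30", "10.10.5.5"),
]


def decisions(acl):
    """Map each sample flow label to the path the given ACL selects."""
    return {label: path_for(src, dst, acl) for label, src, dst in FLOWS}


if __name__ == "__main__":
    for name, acl in (("dest-only", ACL_DEST_ONLY),
                      ("source-scoped", ACL_SOURCE_SCOPED)):
        print(name, decisions(acl))
```

With the destination-only list, a host on a personal port that sends to a company lan address is still selected for the tunnel; the source-scoped list keeps that flow out of it.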

FunkyBrown (Author) commented:
No, I just want one of the ports for the company lan. The other three will be used for the users' personal use. I know it's not an ideal setup, but that's the configuration they want for the clients. I will read through that link.
Qlemo ("Batchelor", Developer and EE Topic Advisor) commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.