Solved

I need to force access to 2 external IPs through a Cisco router without going down a VPN tunnel.

Posted on 2010-09-06
Last Modified: 2012-05-10
I have a client that connects to the internet via a remote proxy (ISA server) via a VPN tunnel (PIX).

They have a gateway of 192.168.93.1, which is a Cisco 800 router.

They need to be able to telnet onto 2 external servers without going via the VPN tunnel (91.207.36.33 and 91.207.36.37).

In each client they have the internet proxy set to the ISA box (192.168.92.200).

I want any access to the above 2 external addresses to be pushed out to the internet, NOT down the VPN tunnel.

Please can you help?


buxton-config.txt
Question by:aduffield76
5 Comments
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33611824
In the Cisco VPN configuration you will see an IP destination list that defines which packets are routed to the VPN.
You only need to customize this list to exclude your two external IP addresses. If you show me your
Cisco config, I will help you.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33611908
Hi,

You need to push this address to the local computer's proxy settings!

Best regards,
Istvan
0
 

Author Comment

by:aduffield76
ID: 33612362
If I disable the proxy on the local client, it makes no difference as to whether or not it telnets onto the external IP addresses.

I have attached the config on the local router where I believe the changes need to be made.
site-config.txt
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 33614133

Instead of this:

>access-list 102 permit tcp any any eq telnet
>access-list 102 deny   ip any any log

Try this:
access-list 102 permit tcp any host 91.207.36.33 eq telnet
access-list 102 permit tcp any host 91.207.36.37 eq telnet
access-list 102 deny   ip any any log
0
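The two versions of access-list 102 quoted in the comment above can be compared with a small first-match evaluator. This is an added example, not code from the thread: it parses only the entry forms shown there, and the client address 192.168.93.10 and the test destination 198.51.100.7 are constructed. How ACL 102 is applied in the attached router config is not shown on the page, so the code only reports which packets each version matches.

```python
import ipaddress

TELNET = 23  # "eq telnet" in IOS means TCP port 23

ORIGINAL = """\
access-list 102 permit tcp any any eq telnet
access-list 102 deny   ip any any log
"""
PROPOSED = """\
access-list 102 permit tcp any host 91.207.36.33 eq telnet
access-list 102 permit tcp any host 91.207.36.37 eq telnet
access-list 102 deny   ip any any log
"""

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse only the extended-ACL entry forms that appear in the thread."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()[2:]  # drop 'access-list 102'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = None
        if tokens[:1] == ["eq"]:
            port = TELNET if tokens[1] == "telnet" else int(tokens[1])
        rules.append((action, proto, src, dst, port))  # trailing 'log' ignored
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet using first-match semantics."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every IOS ACL
```

With the original entries, telnet to any destination matches the permit line; with the proposed entries, only telnet to 91.207.36.33 and 91.207.36.37 does, and everything else falls through to the logged deny.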
 
LVL 17

Accepted Solution

by:
surbabu140977 earned 500 total points
ID: 33617242
I presume the client is getting the default gateway route when connected to the VPN. Hence every time they are coming over the VPN for any need. You cannot put any static route on the client PC and let them access without the VPN, because the routes pushed after the VPN connection take precedence.

So you cannot possibly divert the clients to other IPs bypassing the VPN tunnel as long as your VPN server pushes a default route to your clients.

Best,
0

Question has a verified solution.
