Solved

I need to force access to 2 external IP's through a Cisco router without going down a VPN tunnel.

Posted on 2010-09-06
5
543 Views
Last Modified: 2012-05-10
I have a client that connects to the internet via a remote proxy (ISA server) via a vpn tunnel (PIX)

They have a gateway of 192.168.93.1 wich is a cisco 800 router.

They need to be able to telnet onto 2 external servers without going via the vpn tunnel (91.207.36.33 and 91.207.36.37)

In each client they have internet proxy set to the isa box (192.168.92.200)

I want any access to the above 2 external addresses to be pushed out to the internet, NOT down the VPN tunnel.

Please can you help?


buxton-config.txt
0
Comment
Question by:aduffield76
5 Comments
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33611824
in Cisco VPN configuration you see IP destination list for what are packet routed to the VPN.
YOu must only customized this list to exclude your two external IP addresses. If you shou me your
Cisco config I will help you.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33611908
Hi,

You need to pus this address to local computer proxy settings!

Best regards,
Istvan
0
 

Author Comment

by:aduffield76
ID: 33612362
If I disable the proxy on the local client it makes no difference as to whether or not it telnet's onto the external IP addresses.

I have attached the config on the local router where I believe the changes need to be made.
site-config.txt
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 33614133

Instead of this:

>access-list 102 permit tcp any any eq telnet
>access-list 102 deny   ip any any log

Try this:
access-list 102 permit tcp any host 91.207.36.33 eq telnet
access-list 102 permit tcp any host 91.207.36.37 eq telnet
access-list 102 deny   ip any any log
0
 
LVL 17

Accepted Solution

by:
surbabu140977 earned 500 total points
ID: 33617242
I presume client is getting the default gateway route when connected to vpn. Hence everytime they are coming over the vpn for any need. You cannot put any static route in the client pc and let them access without the vpn  because the pushed routes after vpn connection takes precedence.

So you cannot possibly divert the clients to other ip's bypassing the vpn tunnel as long as your vpn server push default route to your clients.

Best,
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question