Solved

I need to force access to 2 external IP's through a Cisco router without going down a VPN tunnel.

Posted on 2010-09-06
5
547 Views
Last Modified: 2012-05-10
I have a client that connects to the internet via a remote proxy (ISA server) via a vpn tunnel (PIX)

They have a gateway of 192.168.93.1 wich is a cisco 800 router.

They need to be able to telnet onto 2 external servers without going via the vpn tunnel (91.207.36.33 and 91.207.36.37)

In each client they have internet proxy set to the isa box (192.168.92.200)

I want any access to the above 2 external addresses to be pushed out to the internet, NOT down the VPN tunnel.

Please can you help?


buxton-config.txt
0
Comment
Question by:aduffield76
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33611824
in Cisco VPN configuration you see IP destination list for what are packet routed to the VPN.
YOu must only customized this list to exclude your two external IP addresses. If you shou me your
Cisco config I will help you.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33611908
Hi,

You need to pus this address to local computer proxy settings!

Best regards,
Istvan
0
 

Author Comment

by:aduffield76
ID: 33612362
If I disable the proxy on the local client it makes no difference as to whether or not it telnet's onto the external IP addresses.

I have attached the config on the local router where I believe the changes need to be made.
site-config.txt
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 33614133

Instead of this:

>access-list 102 permit tcp any any eq telnet
>access-list 102 deny   ip any any log

Try this:
access-list 102 permit tcp any host 91.207.36.33 eq telnet
access-list 102 permit tcp any host 91.207.36.37 eq telnet
access-list 102 deny   ip any any log
0
 
LVL 17

Accepted Solution

by:
surbabu140977 earned 500 total points
ID: 33617242
I presume client is getting the default gateway route when connected to vpn. Hence everytime they are coming over the vpn for any need. You cannot put any static route in the client pc and let them access without the vpn  because the pushed routes after vpn connection takes precedence.

So you cannot possibly divert the clients to other ip's bypassing the vpn tunnel as long as your vpn server push default route to your clients.

Best,
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question