Solved

I need to force access to 2 external IPs through a Cisco router without going down a VPN tunnel.

Posted on 2010-09-06
Last Modified: 2012-05-10
I have a client that connects to the internet via a remote proxy (ISA server) via a VPN tunnel (PIX).

They have a gateway of 192.168.93.1, which is a Cisco 800 router.

They need to be able to telnet onto 2 external servers without going via the VPN tunnel (91.207.36.33 and 91.207.36.37).

In each client they have the internet proxy set to the ISA box (192.168.92.200).

I want any access to the above 2 external addresses to be pushed out to the internet, NOT down the VPN tunnel.

Please can you help?


buxton-config.txt
Question by:aduffield76
5 Comments
 

Expert Comment

by:Tomas Valenta
In the Cisco VPN configuration you will see the IP destination list that determines which packets are routed to the VPN.
You only need to customize this list to exclude your two external IP addresses. If you show me your
Cisco config I will help you.
0
 

Expert Comment

by:Istvan Kalmar
Hi,

You need to push this address to the local computer's proxy settings!

Best regards,
Istvan
0
 

Author Comment

by:aduffield76
If I disable the proxy on the local client, it makes no difference as to whether or not it telnets onto the external IP addresses.

I have attached the config on the local router where I believe the changes need to be made.
site-config.txt
0
 

Expert Comment

by:lrmoore

Instead of this:

>access-list 102 permit tcp any any eq telnet
>access-list 102 deny   ip any any log

Try this:
access-list 102 permit tcp any host 91.207.36.33 eq telnet
access-list 102 permit tcp any host 91.207.36.37 eq telnet
access-list 102 deny   ip any any log
0
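An added example (not part of lrmoore's comment or the poster's config): a small Python first-match evaluator run over the two versions of access-list 102 quoted above, showing that the replacement matches telnet only to the two named servers. The client address 192.168.93.10 and the destination 203.0.113.5 are constructed, and how access-list 102 is applied on the router is in the attached config, which the page does not show.

```python
import ipaddress

# access-list 102 as quoted in the comment above (original) and as proposed there.
ORIGINAL = """\
access-list 102 permit tcp any any eq telnet
access-list 102 deny   ip any any log
"""
PROPOSED = """\
access-list 102 permit tcp any host 91.207.36.33 eq telnet
access-list 102 permit tcp any host 91.207.36.37 eq telnet
access-list 102 deny   ip any any log
"""
PORTS = {"telnet": 23}

def _addr(tokens):
    """Consume one address spec ('any' or 'host A.B.C.D'); None means any."""
    kind = tokens.pop(0)
    if kind == "any":
        return None
    if kind == "host":
        return ipaddress.ip_network(tokens.pop(0))
    raise ValueError("unsupported address spec: " + kind)

def parse_acl(text):
    """Parse only the subset of extended-ACL syntax that appears on this page."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))  # trailing 'log' is ignored
    return entries

def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in ("ip", proto)
                and (e_src is None or s in e_src)
                and (e_dst is None or d in e_dst)
                and (e_port is None or dport == e_port)):
            return action
    return "deny"

if __name__ == "__main__":
    client = "192.168.93.10"  # constructed host address, not from the page
    for dst in ("91.207.36.33", "91.207.36.37", "203.0.113.5"):
        print(dst, evaluate(parse_acl(ORIGINAL), "tcp", client, dst, 23),
              evaluate(parse_acl(PROPOSED), "tcp", client, dst, 23))
```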
 

Accepted Solution

by:
surbabu140977 earned 500 total points
I presume the client is getting the default gateway route when connected to the VPN. Hence every time they are coming over the VPN for any need. You cannot put any static route in the client PC and let them access without the VPN because the pushed routes after the VPN connection take precedence.

So you cannot possibly divert the clients to other IPs bypassing the VPN tunnel as long as your VPN server pushes the default route to your clients.

Best,
0
