Router config

Posted on 2011-05-04
Last Modified: 2012-06-21
Hello EE. I am trying to modify an existing configuration to bypass the VPN tunnel for traffic to one of my interfaces that has an assigned public IP, but it is not working. I am trying to figure out if the problem is my config. I attached the config and added these statements:

Interface FastEthernet0/1
ip address XXX.9.12.XXX (First usable public lan ip)
duplex auto
speed auto

ip route XXX.9.12.XXX

access-list 40 permit xxx.9.12.0 (allow all traffic for testing)

route-map nonat permit 20
 match ip address 40
 set ip next-hop                        

For testing I want to allow all port traffic to and from my Fa0/1. The second public IP is assigned to another device that is connected to my Fa0/1 interface and is using my Fa0/1 IP address as its GTW. Will this work? I cannot ping the device. Are pings blocked?
Question by:InSearchOf

    Accepted Solution

    Hi Dfig,

         Based on the config file and what you are trying to do, I think this can help you out.

    The instructions are for a Catalyst, but should work if using IOS.  Best of luck!

    Author Comment

    Thanks for the info nmacfall. I was hoping for something more specific to my question and config. Will my statements work, and if not, how should I modify them? I am not a Cisco heavy. I just know how to move around. The config on this router was pre-existing.

    Assisted Solution

    by:Jan Springer
    In a typical VPN configuration, I would expect to see an access list denying NAT between the internal IPs of both ends of the tunnel.  Yours is "access-list 10".

    You need three things:

    1) a deny of your test IP in access-list 10 before any permits
    2) an access-list permitting your test IP for the route-map
    3) a route-map statement on the gateway interface for the test IP

    If your test IP comes in on the same interface as all other traffic, then you need to use a single route map with the order of permits being important:  1) test permit is first and 2) VPN permit is second

    With a bunch of "X"s where there should be IPs for internal and external, it's difficult to be more explicit.
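
The three items listed in the answer above, sketched as an IOS configuration fragment. This is an added example, not part of the original thread or the poster's config. Every address is a constructed placeholder from the documentation ranges (203.0.113.0/29 for the public block on Fa0/1, 198.51.100.1 for the ISP next hop), the route-map name BYPASS-VPN is hypothetical, and it assumes the existing entries in access-list 10 start at sequence 10.

```cisco
! Constructed example: none of these addresses come from the posted config.
!
! 1) Exempt the test block from NAT. Sequence 5 places the deny ahead of
!    the existing permits, assuming they begin at the default sequence 10.
ip access-list standard 10
 5 deny 203.0.113.0 0.0.0.7
!
! 2) ACL that selects the test traffic for the route-map. A standard ACL
!    entry with no wildcard mask matches a single host address only, so
!    the mask is given explicitly to cover the whole /29.
access-list 40 permit 203.0.113.0 0.0.0.7
!
! 3) Policy route: anything matching ACL 40 is sent to the ISP next hop.
!    The low sequence number keeps this test permit ahead of any other
!    permit if the same route-map later carries VPN entries as well.
route-map BYPASS-VPN permit 10
 match ip address 40
 set ip next-hop 198.51.100.1
!
! Policy routing is evaluated on packets arriving on the interface,
! so it is attached to the port the second router connects to.
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.248
 ip policy route-map BYPASS-VPN
!
! Checks after applying:
!   show ip policy          (interface-to-route-map binding)
!   show route-map          (match counters for sequence 10)
!   show access-lists 10    (deny entry listed before the permits)
```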

    Author Comment

    Thanks for the info jesper. What IPs do you need to see? I am connecting another router to my Fa0/1 interface for a specific use which was not in use before. I want to make sure that it does not use the VPN tunnel and just goes right out to the internet. I want to allow inbound and outbound traffic from the router attached to Fa0/1. They both have public IPs assigned.

    Author Comment

    OK, got it to work. It required a policy-based routing map. Thanks for the help.
