Running 3rd party App over VPN tunnel

Hi EE,

I have three 887 cisco routers, RA1, RB1 and RB2

Site A has RA1 and site B has RB1 and RB2

I have a third-party application (APP) that runs on 5 PCs at Site B (10.10.10.1-5), and they use a server at Site A (10.10.0.10) to complete their work using this APP.

I have created 2 VPN tunnels: RA1 <-> RB1 (Tunnel1) and RA1 <-> RB2 (Tunnel2). The physical endpoint on RA1 is the same for both tunnels (dial0). Both subnets can reach each other and also the internet.

I want to isolate the traffic for APP (port XXXX) so that it goes only via Tunnel2 between the 5 PCs and the server. All other traffic (http, https, ftp, internet traffic, etc.) should go via Tunnel1. The hosts on Site B that use the APP also use the internet, so internet traffic should go via tun1.

Any thoughts, ideas and pointers to right direction most appreciated. Thanks.
Daera asked:

greg ward, Systems Engineer, commented:
kevinhsieh commented:
+1 for policy based routing (PBR).
Daera (Author) commented:
deepdraw, thanks. PBR works well for RA1, but what I want to achieve also is for all 5 PCs to use RB2 when going to the server. Both routers connect to the same subnet, 10.10.10.0, with RB1 at .111 and RB2 at .112.

Leaves me with:

-Use only one gateway for hosts, i.e. .112. This means that I can then use PBR on RB2 to pass traffic to RA1, or route traffic to RB1 if it is not going to the server.

-Use two gateways: gateway .112 for traffic going to the server and gateway .111 for traffic going to everything else. Any ideas on how to achieve this?
kevinhsieh commented:
RB1 should be the default gateway for all machines at the remote site. RB1 would have PBR configured to send specific traffic to RB2, which would use normal routing to send it through tunnel 2.
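A concrete version of this design for the LAN-side router, added here as an illustration and not part of kevinhsieh's answer or the poster's configuration. It also goes one step further by tracking RB2's LAN address so that, if RB2 is unreachable, APP traffic falls back to normal routing over Tunnel1 instead of being black-holed. It assumes RB1's LAN interface is Vlan1, that APP runs over TCP, and that APP-PORT is a placeholder for the port number the question does not give:

```cisco
! Constructed example for RB1 (default gateway, 10.10.10.111); not the poster's running config.
! Assumptions: LAN interface is Vlan1, APP is TCP, APP-PORT stands in for the real port number.
!
! Match only the five APP clients talking to the server on the APP port.
! Any other traffic, including other traffic to 10.10.0.10, is implicitly denied here,
! which for PBR means "use the normal routing table" (Tunnel1), not "drop".
ip access-list extended APP-TO-SERVER
 permit tcp host 10.10.10.1 host 10.10.0.10 eq APP-PORT
 permit tcp host 10.10.10.2 host 10.10.0.10 eq APP-PORT
 permit tcp host 10.10.10.3 host 10.10.0.10 eq APP-PORT
 permit tcp host 10.10.10.4 host 10.10.0.10 eq APP-PORT
 permit tcp host 10.10.10.5 host 10.10.0.10 eq APP-PORT
!
! Probe RB2's LAN address every 5 seconds; the track object goes Down when RB2 stops answering.
ip sla 1
 icmp-echo 10.10.10.112 source-interface Vlan1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Only set the next hop while RB2 is reachable; otherwise the packet is routed normally.
route-map APP-VIA-RB2 permit 10
 match ip address APP-TO-SERVER
 set ip next-hop verify-availability 10.10.10.112 10 track 1
!
! Apply the policy to packets arriving from the LAN.
interface Vlan1
 ip address 10.10.10.111 255.255.255.0
 ip policy route-map APP-VIA-RB2
!
! RB2 needs nothing special: 10.10.0.0/24 is already reachable through Tunnel2.
! Verify with "show route-map APP-VIA-RB2" (the policy matches counter should increase
! while an APP session is open) and "show track 1" (state should be Up).
```

Return traffic from the server still follows whatever RA1 decides, so the PBR the poster already has on RA1 remains necessary for the server-to-PC direction.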
Daera (Author) commented:
So what you are saying is that any traffic going to the server will go 2 hops before it goes out tun2, i.e. PC1 -> RB1 -> RB2 (tun2) -> RA1 -> server. I'm trying to avoid the two hops for the traffic as both routers are connected to the LAN. If there is no other solution then I may have to use that.
kevinhsieh commented:
Why are you worried about two hops on the LAN? That's an easy and low networking cost solution. It's not like I am sending you over an extra WAN hop. The only other solution would be to manually configure each PC with static routes to the remote server pointing to RB2, and that works only if all traffic to that IP can go over Tunnel2. Configuring static routes on the workstations is a horrible plan IMHO with lots of drawbacks and will save less than 1 ms.
greg ward, Systems Engineer, commented:
PC1 -> RB1 -> RB2 (tun2) -> RA1 -> server
Is PC1 connected straight to the router, or is there a switch in between? If so, are both routers plugged into the switch?
Are both the routers connected?
Do you want to set up the VPN with EIGRP and use QoS instead?
Daera (Author) commented:
Both RB1 and RB2 are plugged into a switch, and so are the PCs. I will implement PBR and that should do it, as it is all gigabit speed anyway on the LAN side. There is no need for EIGRP over the VPN or QoS, as IP traffic from the PCs to the server will all go through the tunnel since that is the destination, so static routes are enough. Thanks.