I have a client who has multiple sites connecting back to an HQ site. Currently all traffic is sent over the VPNs. I want to stop this and originally thought it was a routing issue; however, the default route is pointing to the current WAN IP for this device, so I assume it is an ACL setting.
What ACL is needed to allow the internet traffic out locally and not over the VPN?
If the VPN went down, would the local site revert to sending traffic to the internet locally, or just fail to get internet access?
Part of the config pasted below (IPs changed) - Dialer1 is the WAN interface:
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 184.108.40.206 255.255.255.255 Dialer1
ip route 220.127.116.11 255.255.255.255 Dialer1
ip tacacs source-interface Ethernet0
no ip http server
no ip http secure-server
access-list 23 permit 18.104.22.168
access-list 23 permit 22.214.171.124
access-list 23 permit 10.44.0.0 0.0.255.255
access-list 23 permit 192.168.40.0 0.0.0.255
access-list 23 permit 10.12.0.128 0.0.0.31
access-list 23 permit 172.16.0.0 0.0.255.255
access-list 23 permit 10.9.4.0 0.0.0.255
access-list 101 permit ip 192.168.40.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run