IOS VPN Web access without split tunneling?

Hey all,

Pulling my hair out here. Is there any way you know of to allow internet access via an ios VPN without allowing split tunneling?

internet----internet router----switch-----VPN Router-----Frame Router |--------Firewall---Internal----|

Hopefully the asci comes out. Essentially the VPN Router and Firewall are in Parrallel, Internal LAN hangs off inside firewall and F0 Frame router. VPN Router goes from Outside to F1 on the Frame Router.

Tried PBR, but there's really no where to apply the route map to since it's VPN, tried the outside just for giggles, no go.... tried adding the backup-gateway x.x.x.x in the isakmp group, again, no go.

Only way I can think of doing this is proxy server or split tunneling, neither is a viable option.

VPN Router running eigrp for the internal 10net and a static default pointing to the internet router.

Thanks,

-Brian

Reply to
Brian V
Loading thread data ...

On Frame Router, default route is via Firewall. On Firewall default route is via Internet router On VPN router default route is via Internet.

On VPN router, use PBR to route all incoming traffic from VPN via Frame Router.

Must be possible? Not up on PBR but can't believe that it's not.

Reply to
anybody43

Tried it....maybe I screwed up the PBR config...or maybe since it's VPN it's still encrypted when it hits the interface and cannot apply the PBR.

route-map VPN permit 1 set ip next-hop 10.101.229.1

access-list 1 permit 10.101.229.0 0.0.0.255

interface FastEthernet0/1 description Outside ip address a.b.c.d 255.255.255.224 crypto map clientmap ip policy route-map VPN

Reply to
Brian V

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.