
Statically Routing VPN traffic only

Status
Not open for further replies.
Jan 12, 2010
Good Morning,

This is my first post so please excuse me if I do something wrong here.....

My company has an older T1 that they were using for our entire company's gateway. Recently we upgraded our network to a bonded T1 that we bought from Qwest. My goal is to route most of the traffic out the new bonded T1 except for our VPN traffic. The reason being Qwest has my public IP on some special kind of service that cannot be reached outside of my MPLS network.... which sucks.

Here is my topology

Old Internet Router (T1) to FIREWALL (192.168.1.201) is forwarding traffic to my FRAME RELAY router (10.10.0.254) and then back to the FIREWALL and out the old T1.

My new MPLS router has the address of (10.10.0.222) which goes out to a qwest managed firewall.

When I change the def. gateway of my FRAME RELAY(192.168.1.201) router to MPLS(10.10.0.222) so the traffic flows out of the MPLS router everything works fine.....almost anyway.

Apparently my VPN users are having trouble connecting because the def. routing in (10.10.0.254) is now going to (10.10.0.222) instead of (10.10.0.254).

So... basically what I am trying to figure out is can I add an IP ROUTE or ACL to my FRAME (10.10.0.254) so when VPN traffic comes from my Domain Controller (10.10.0.1) it is forwarded to (192.168.1.201) instead of the SG of (10.10.0.222). I assume it needs to be protocol specific.

Any help would be greatly appreciated.

Noncentz303


 
It might be easier if you have a topology map you could post. However, based on your description above, when your users VPN into your site, your VPN device should NAT them to an internal address. It sounds like the internal source address for the VPN users is not defined in your routing tables and is therefore following the default route out of the new MPLS Network instead of out to your old gateway or firewall and back to your VPN device. You have to get the internal VPN traffic back to your 10.10.0.254. You should be able to set up routing to get this traffic back, but there are several ways to do it depending on your topology.
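
One way to do what the thread asks, policy-based routing on the 10.10.0.254 router, shown here as an added example that is not part of either post. It assumes the router runs Cisco IOS, that 192.168.1.201 is still directly reachable from it, and that all internal sites use RFC 1918 addresses; the ACL number, route-map name and interface name are hypothetical.

```cisco
! Added example, assumed Cisco IOS syntax. ACL number, route-map name and
! interface name are hypothetical; addresses are the ones given in the thread.
!
! Default route for everything else: the new MPLS router.
ip route 0.0.0.0 0.0.0.0 10.10.0.222
!
! Traffic from the VPN server to internal networks stays on normal routing
! (assumption: every internal site uses RFC 1918 space). A "deny" here means
! "do not policy-route", not "drop".
access-list 101 deny   ip host 10.10.0.1 10.0.0.0 0.255.255.255
access-list 101 deny   ip host 10.10.0.1 172.16.0.0 0.15.255.255
access-list 101 deny   ip host 10.10.0.1 192.168.0.0 0.0.255.255
! Everything else sourced from the VPN server (10.10.0.1) is policy-routed.
! This is not protocol specific: it also sends the server's other Internet
! traffic out the old T1. To narrow it, replace this line with entries for
! the VPN protocol in use, which the thread does not state.
access-list 101 permit ip host 10.10.0.1 any
!
! Matching packets are handed to the old firewall instead of the default route.
route-map VPN-RETURN permit 10
 match ip address 101
 set ip next-hop 192.168.1.201
!
! Apply on the interface where packets from 10.10.0.1 arrive (LAN side).
interface FastEthernet0/0
 ip policy route-map VPN-RETURN
```

After applying it, `show route-map VPN-RETURN` reports match counters that should increase while a VPN user connects. If they stay at zero, the return traffic is not arriving on the interface where the policy is applied.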
 