Tunneling Lan 2 Lan connections

[credmood]

All,

I have set up a L2L with a remote site, no problem tehre everything works fine, however my bosses want to route ALL traffic through the pipe, not just the L2L network. They want to be able to use our filter server etc. (yes I have told them that this would add to traffic on our pipe) Now i know you can do this with remote access, i.e turn off split tunneling, but is it possible on a L2L?

Any suggestions would be most grateful

Cheers

 

[Robroy2003]

On the remote side remove the nat (inside) 1 command. This will cause all traffic to go across the vpn as none of it is "Nat"ed If memory serves me right, this should be all you need to do.

Mark Spencer

 

[credmood]

If i do that then I get no internet access on the remote site...is there another command that I have to do in order to *route* the traffic through i.e at present I have no route inside command ..

 

[308win]

Yes you get rid of the nat 1 and global 1 commands, then the remote site will need to use a proxy server at your site. That way their internet traffic will 'appear' to be internal traffic. (Then have the remote site start up a big ftp and watch your traffic double.)

 

[credmood]

hmmmmm, yes I have warned them about that...but if thats what they want then thats wot they'll get ... ;o)

 

[AgentK]

Have you tried route-map on the remote site, to control how the hosts are NAT? This may help.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml#routemap

 

[dopehead]

Well, you would then need some other device other than the pix since it does not support route-maps.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec