VPN + Internet configuration?

[Shotman]

Afternoon all,

Wonder if you may be able to help.

We have a PrivateIP WAN which is provided by MCI. The customer edge (our router) is a Cisco 2651. In addition, we also have an ADSL IPSec VPN as failover which is suppored by a Cisco 800 series router - HSRP is run between them. The failover router is currently configured as VPN only.

What we'd like is to change the failover from VPN only to VPN and Internet. This would allow us to offer local Internet breakout.

Any thoughts on the best way to configure this setup?

Many thanks.

 

[KiscoKid]

You just need to define a split tunnel. Withthis functionality, the device can decide what traffic needs encrypting (and hence transporting via the VPN tunnel) and what traffic doesn't get encryped and pushed via the Internet.

 

[Shotman]

Thanks for the reply.

The primary router is connected to a PrivateIP WAN - the failover router is connected to an IPSec VPN WAN. We'd like to use the failover route for local Internet access as well.

How do you think the routing would work?

The PrivateIP network uses BGP whereas the failover uses statics.

 

[Shotman]

Just to make things a little more clear!

The crypto (Cisco) software we have will not support split tunneling - long story but thats the case.

Do you think we should impliment an edge router and connect to our firewall. Then, also connect the crypto the the firewall. All Internet traffic would be directed via proxy to the edge router?