3 Replies Latest reply on Aug 15, 2013 12:53 PM by vmaxdawg05

    Force Internet through VPN tunnel (No split tunnel)

    fnbisson New Member

      I have a VPN tunnel with two Adtran devices.

       

      Site A is the main office and site B the branch.

       

      I am trying to route all traffic from Site B to Site A, so that nothing in Site B goes to the internet without going through Site A.

       

       

      How can I do this?

        • Re: Force Internet through VPN tunnel (No split tunnel)
          Employee

          fnbisson - Thanks for posting your question on the forum! You opened up a ticket with Adtran Tech Support, and below I am adding what ended up being the solution to this setup:

           

          You may find the following post is closer to what you are trying to set up: Re: using a VPN as a gateway

           

          However, the Central site configuration will differ slightly from the post if the Central site's VPN router also acts as the Central site's internet router:

           

          ip access-list extended VPN-SELECTORS

            permit ip any <REMOTE LAN SUBNET>


          ** NOTE: The ACL VPN-SELECTORS will need to be the ACL that the crypto map references. The ACLs below are needed for the firewall to handle the traffic correctly.

           

          ip access-list extended VPN-TO-REMOTE

            permit ip <LOCAL LAN SUBNET> <REMOTE LAN SUBNET>

          !

          ip access-list extended VPN-FROM-REMOTE

            permit ip <REMOTE LAN SUBNET> <LOCAL LAN SUBNET>

          !

          ip access-list extended VPN-REMOTE-INTERNET

            permit ip <REMOTE LAN SUBNET> any

          !

          ip policy-class PRIVATE

            allow list VPN-TO-REMOTE stateless

          !

          no ip policy-class PUBLIC rpf-check

          ip policy-class PUBLIC

            allow list VPN-FROM-REMOTE stateless

            nat source list VPN-REMOTE-INTERNET address <WAN IP address>

           

          Please do not hesitate to let us know if you have any further questions or issues.

           

          Thanks,

          Noor
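
Added example, not part of the original reply and not Adtran code: a small Python model of the four ACLs above, showing which central-site rule handles each flow and why the selector must be "any" to the remote LAN for internet replies to return through the tunnel. The subnets, the WAN address, the comparison selector and the top-down first-match evaluation of the policy class are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed sample addressing (assumptions, not values from the thread)
LOCAL = ip.ip_network("10.1.0.0/24")    # stands in for <LOCAL LAN SUBNET>, Site A
REMOTE = ip.ip_network("10.2.0.0/24")   # stands in for <REMOTE LAN SUBNET>, Site B
ANY = ip.ip_network("0.0.0.0/0")
WAN_IP = "203.0.113.10"                 # stands in for <WAN IP address>

# The ACLs from the reply, as (source, destination) permit entries
ACLS = {
    "VPN-SELECTORS": [(ANY, REMOTE)],
    "VPN-TO-REMOTE": [(LOCAL, REMOTE)],
    "VPN-FROM-REMOTE": [(REMOTE, LOCAL)],
    "VPN-REMOTE-INTERNET": [(REMOTE, ANY)],
}
# Hypothetical LAN-to-LAN-only selector, used here only for comparison
LAN_ONLY_SELECTOR = [(LOCAL, REMOTE)]

def permits(entries, src, dst):
    """True if any permit entry covers both the source and the destination."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in entries)

def tunneled_to_branch(src, dst, selector=None):
    """Does Site A's crypto selector send this packet into the tunnel?"""
    entries = ACLS["VPN-SELECTORS"] if selector is None else selector
    return permits(entries, src, dst)

def public_policy(src, dst):
    """Traffic from the tunnel in policy-class PUBLIC.
    Assumption: entries are evaluated top-down and the first match wins."""
    if permits(ACLS["VPN-FROM-REMOTE"], src, dst):
        return "allow stateless"
    if permits(ACLS["VPN-REMOTE-INTERNET"], src, dst):
        return f"nat source -> {WAN_IP}"
    return "no match"

def private_policy(src, dst):
    """Traffic from the Site A LAN in policy-class PRIVATE."""
    return "allow stateless" if permits(ACLS["VPN-TO-REMOTE"], src, dst) else "no match"

if __name__ == "__main__":
    # Constructed flows: branch client to a Site A host, then to an internet host
    for src, dst in [("10.2.0.50", "10.1.0.20"), ("10.2.0.50", "198.51.100.7")]:
        print(f"{src} -> {dst}: PUBLIC {public_policy(src, dst)}")
    # Internet reply once its destination is translated back to the branch client
    reply = ("198.51.100.7", "10.2.0.50")
    print("reply tunneled:", tunneled_to_branch(*reply))
    print("reply tunneled, LAN-only selector:",
          tunneled_to_branch(*reply, selector=LAN_ONLY_SELECTOR))
```
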

          • Re: Force Internet through VPN tunnel (No split tunnel)
            Employee

            fnbisson -

            I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

             


            Thanks,

            Noor

            • Re: Force Internet through VPN tunnel (No split tunnel)
              vmaxdawg05 Past_Featured_Member

              That looks genius.  I'll give it a go when I get a chance to set up my bench router.

               

              Thanks