Question:
i configured
MPLS vpn for remote Cisco 3560 Switch locations using cisco 881 at remote side and cisco 2811 on
our head-office side with a ip vpn service provider.
the remote user
is able to access head office network.
now the problem
is he needs internet access, which i only know the way is we have allow him to use head office
internet connection or another MPLS vpn tunnel with service provider for
internet connection which will be a huge cost.
whcih our
office reluctent to give.
now i am
looking for a way to get the internet traffic out from the modem connected to
his router cisco 881 and the head- office traffic to go on MPLS vpn
now the
traffice flow is like
remote
user-------->cisco 881------>internet modem------------------>serivce
provide netowrk----------------->head office(cisco
2811)----------->Servers
Any help will
be highly appriciated
Answer:
sorry that i
didn't say it clearly, you should ping 192.168.1.1 from remote user's computer
only after you configure default route to internet (ip route 0.0.0 .0
0.0.0.0 192.168.1.1) but not when tunnel is up.
for nat, TRY
this out:
access-list
2000 deny ip any HO_net1
access-list
2000 deny ip any YOUR_HEAD_OFFICE_SUBNET2
access-list
2000 permit ip any any
interface
FastEthernet4
ip nat outside
interface Vlan1
ip nat inside
ip nat inside
source list 2000 interface FastEthernet4 overload
verify nat:
sh access-list
sh nat Cisco 3560
没有评论:
发表评论