Can someone help me/point me to something that would help me configure split DNS?  As it is right now all of our remote locations traffic goes across the VPN.  I'd like to keep internet stuff local and go out of their connection and not travel here to go out.  I had a modem die this week and it was a fucker to figure out why the internet wasn't working when the tunnel was down!

I didn't set these up btw, they were here when I got here and I'm a Cisco noob, I piss with it until it works but I don't think that's a good idea in this case.

What you have a reasonably common corporate setup with all of the Internet going through one location. Anyway, I don't Split-DNS is the term you're after, as it's really more of a routing issue.

Essentially you only want to route traffic down the VPN which is on your internal network. What Cisco VPN do you have?

What Dan said - split DNS is something else (in brief: you create two zones for example.com, one for internally-originated queries and a different yet identically named one for externally-originated queries so that for example an internal user will get 10.0.0.100 for intranet.example.com, but that record won't exist on the external zone or will resolve to a completely different, public IP; clicky!).

You do probably mean slightly smarter routing, so that you only route internal traffic via the VPN and everything else gets NAT'd or whatever then goes off to t'Internet. Right? Unconfuse us, Ken!!!

Ah yes, smarting routing I suppose.  I'd only like internal requests to go over the VPN and internet requests to go out the local internet connection instead of the main head internet connection.

I think he means split-tunnelling, so yes. That would be my guess.

That's it, you were just looking for the name? Or you still want help?  :O)

Well I'll have to see what I can find now that I know what I'm trying to do!  I'll work on it a bit today and let you know!  Thanks!

Does this look like what I need?

Yes.

The really fun bit is when you realise that the same subnet is used on both sides of the tunnel. Then you have to start NATing stuff.

Yeah, we are good that way.  All our sites are all already connected, I'd just like to get them using local internet.

Yes, I think it should work... do you have different subnets at each site?

I sure do!  I didn't get very far with it yesterday because I was lazy, I'll see what I can accomplish today.

Alrighty, let us know if you need a hand.

Edit: just had a thought about DNS, do you have a DNS server at each site? If not, you'd have to set your main DNS server as the first, which would add a tiny bit of network load and potential delay in name resolution if the VPN goes down.

aye I do, each site has a dc to aid in log ons, do dhcp and dns.

No idea if I've answered your last question or not.  At our remote locations I have 870's and here at the main office I replaced the 870 with a RV042G.

If I attached my config could someone help me split it?

I do need a hand. If I post my config dump could you try to help me figure out how to set up the split DNS?

I'd say don't post it on a public website.. but yeah, happy to help  ;-)

I could sanitize it, or I can upload it to dropbox and share it with you?  thanks a bunch for the time and help!

Sanitise it. Then I can have a look too.