Split Routing Question - ASA and VPN3020

Jun 1st, 2007

Is there a way to route traffic from one address to our VPN3020 and from other addresses out our ASA? Right now we have a static route that pushes all traffic destined for a certain destination out our VPN3020 and we have someone that is not on the ACL that wants to be able to traceroute to it but it dies at our VPN3020.

Richard Burts Fri, 06/01/2007 - 09:15


You do not give us any information about your topology and what other equipment is involved and that makes it difficult for us to give you a definitive answer. In general if traffic is passing through a router you could configure Policy Based Routing and treat traffic from a particular source address differently. It sounds like that would do what you want.

If that does not provide the answer that you need then perhaps you can provide a bit more information about the environment.



nhan.duong Sun, 06/03/2007 - 05:34

Yes, you can split your route by using a static route or a route-map:

ip route y.y.y.y m.m.m.m vpn3020
ip route x.x.x.x m.m.m.m ASA

access-list 101 permit ip x.x.x.x m.m.m.m x.x.x.x m.m.m.m
route-map xyx permit 10
 match ip address 101
 set ip next-hop ASA

You also mention that traceroute dies at your VPN3020. Yes, it might be caused by the IP not being allowed on the ACL, but also make sure you allow ICMP; traceroute is all about echo-request and echo-reply.
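
The source-based split discussed in the replies above, written out as a complete IOS policy-based routing configuration. This is an added example, not part of either poster's reply; it assumes an IOS router sits in front of both the VPN3020 and the ASA, and every address, the interface name and the route-map name are constructed placeholders.

```cisco
! Constructed values (not from the thread):
!   192.0.2.50        host that should go out the ASA instead
!   198.51.100.0/24   destination currently routed to the VPN3020
!   10.1.1.2          VPN3020 next hop
!   10.1.1.3          ASA next hop
!   FastEthernet0/0   interface where the host's traffic enters the router

! Existing behaviour: everything for the destination goes to the VPN3020.
ip route 198.51.100.0 255.255.255.0 10.1.1.2

! Match only the one source that needs different treatment.
! Extended ACLs take wildcard masks (0.0.0.255), not subnet masks.
access-list 101 permit ip host 192.0.2.50 198.51.100.0 0.0.0.255

! Matching packets are sent to the ASA; packets that match no
! route-map clause are forwarded by the normal routing table,
! so every other source still follows the static route above.
route-map SPLIT-TO-ASA permit 10
 match ip address 101
 set ip next-hop 10.1.1.3

! The route-map does nothing until it is applied to the interface
! on which the traffic arrives.
interface FastEthernet0/0
 ip policy route-map SPLIT-TO-ASA

! Verification from exec mode:
!   show ip policy                 (interface-to-route-map binding)
!   show route-map SPLIT-TO-ASA    (match counters should increase)
```

Keeping the ACL as narrow as a single host and destination prefix means the exception cannot silently widen to other sources. The ASA still needs its own rules and a return path for the redirected traffic.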

