06-01-2007 09:10 AM - edited 03-05-2019 04:26 PM
Is there a way to route traffic from one address to our VPN3020 and from other addresses out our ASA? Right now we have a static route that pushes all traffic destined for a certain destination out our VPN3020, and we have someone who is not on the ACL who wants to be able to traceroute to it, but it dies at our VPN3020.
06-01-2007 09:15 AM
Phil
You do not give us any information about your topology and what other equipment is involved and that makes it difficult for us to give you a definitive answer. In general if traffic is passing through a router you could configure Policy Based Routing and treat traffic from a particular source address differently. It sounds like that would do what you want.
If that does not provide the answer that you need then perhaps you can provide a bit more information about the environment.
HTH
Rick
06-03-2007 05:34 AM
Yes, you can split your route by using a static route or a route-map:
IP route y.y.y.y m.m.m.m vpn3020
IP route x.x.x.x m.m.m.m ASA
or
access-list 101 permit ip x.x.x.x m.m.m.m x.x.x.x m.m.m.m
route-map xyx permit 10
match ip address 101
set ip next-hop ASA
You also mention that traceroute dies at your VPN3020. Yes, it might be caused by the IP not being allowed on the ACL, but also make sure you allow ICMP; traceroute is all about echo-request and echo-reply.
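The policy-based routing approach suggested in the replies above, written out as a full IOS router configuration. This is an added example, not part of any post in the thread; the thread gives no topology, so every address, the route-map name and the interface name are assumed placeholders.

```cisco
! Added example. All values below are assumed placeholders:
!   192.0.2.10       the one source host that should leave via the ASA
!   198.51.100.0/24  the destination currently sent to the VPN3020
!   10.1.1.2         ASA inside address (assumed next hop)
!   10.1.1.3         VPN3020 private address (assumed next hop)

! Existing behaviour: everything for the destination goes to the VPN3020.
ip route 198.51.100.0 255.255.255.0 10.1.1.3

! Extended ACLs take wildcard masks, not subnet masks.
! "host" pins the match to a single source address.
access-list 101 permit ip host 192.0.2.10 198.51.100.0 0.0.0.255

route-map SPLIT-TO-ASA permit 10
 match ip address 101
 set ip next-hop 10.1.1.2
! Packets that match no permit clause are routed normally, so every
! other source keeps following the static route to the VPN3020.

! PBR only acts on packets arriving on an interface where the
! route-map is applied; without this the route-map does nothing.
interface GigabitEthernet0/1
 description LAN side facing the source hosts (assumed)
 ip policy route-map SPLIT-TO-ASA

! Checks from exec mode after applying:
!   show ip policy                 (interface to route-map binding)
!   show route-map SPLIT-TO-ASA    (policy-routed match counters)
```

Traffic matched by ACL 101 no longer passes through the VPN3020, so the ASA's own access rules and NAT decide what happens to it; keep the ACL limited to the single host and destination that need the exception.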