Problems with tunneled route on ASA 5510

Unanswered Question
Feb 13th, 2008

Hi everyone,

I've got a little routing issue with an ASA 5510. This device has two Internet connections, one for browsing and the other for remote VPN clients and an L2L VPN. I put in a static route for the peer of the L2L VPN and all seems to work fine.

Two days ago I noticed that remote VPN clients didn't establish the connection (fail reason: remote peer not responding). After some troubleshooting I saw that it was a routing issue (the VPN connection response from the ASA was sent to the wrong link). I put in one static route to the IP address of the remote VPN client and it worked fine. Because this was not a smart solution, I searched and found that an ASA appliance can have one default route for the normal traffic and another for the encrypted traffic that terminates on the equipment. So I declared these two lines in the ASA configuration:

route INTERNET 0 0 x.x.x.x

route VPNLINK 0 0 y.y.y.y tunneled

After that, I ran a test but it did not work. I do not have the IP verify reverse path feature enabled (this makes a tunneled route fail). Am I missing some configuration task here? Anything else to enable/disable?


P.S.: If I execute sh route I see two default routes, one for Internet with metric 1, and the other for tunneled traffic with metric 255.
