Route all Non-VPN traffic to one address PIX 501

Right now, I have a PIX that tunnels back to another network for only certain private subnets. For all other traffic, they go straight out to the web. I want to force that other non-VPN traffic to go to one public address only.

I would like to do this after the VPN connection is established, so I know a simple route will not work.

Your help is appreciated.

Marwan ALshawi Mon, 09/29/2008 - 22:05

With a router you could do it through PBR (policy based routing), but this feature is not available on ASA or PIX.

But what you can do is:

In your VPN ACL and no-NAT (nat 0), include only the IPs or networks that need to use the VPN tunnel.

On your NATing or PATing to the internet, deny the traffic going from your site to the remote site through an extended ACL, then permit any.

This way you will NAT/PAT all other traffic to the internet.

Good luck.

If helpful, rate.

Below is what I am currently doing from an ACL standpoint. Can you give me a config example on what I need to change/add?

access-list outside_access_in extended permit icmp any any
access-list inside_outbound_nat0_acl extended permit ip LOCALNET 255.255.255.0 ElginInternal 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip LOCALNET 255.255.255.0 HESNET 255.252.0.0
access-list inside_outbound_nat0_acl extended permit ip LOCALNET 255.255.255.0 CCVPNNET 255.252.0.0
access-list inside_outbound_nat0_acl extended permit ip LOCALNET 255.255.255.0 IndyInternal 255.255.255.0
access-list outside_cryptomap_20 remark Tunnel to Elgin
access-list outside_cryptomap_20 extended permit ip LOCALNET 255.255.255.0 ElginInternal 255.255.255.0
access-list outside_cryptomap_20 remark Tunnel to HES
access-list outside_cryptomap_20 extended permit ip LOCALNET 255.255.255.0 HESNET 255.252.0.0
access-list outside_cryptomap_20 remark Tunnel to CCVPN Sites
access-list outside_cryptomap_20 extended permit ip LOCALNET 255.255.255.0 CCVPNNET 255.252.0.0
access-list outside_cryptomap_20 remark Tunnel to Indy
access-list outside_cryptomap_20 extended permit ip LOCALNET 255.255.255.0 IndyInternal 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
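Added example (not from the thread or from either poster) of what Marwan's suggestion looks like in PIX syntax, reusing the ACL names above; 203.0.113.10 is a placeholder for the single public address and the nat 0 binding line is assumed, since the listing above does not show it.

```cisco
! Step 1: NAT exemption. Only the four tunnel destinations are listed here,
! so only that traffic is left untranslated and matched by the crypto map.
nat (inside) 0 access-list inside_outbound_nat0_acl

! Step 2: everything else is translated. The PIX evaluates nat 0 (exemption)
! before nat 1, so the tunnel networks never reach this rule; no explicit
! deny entries are needed to keep them out of the PAT pool.
nat (inside) 1 0.0.0.0 0.0.0.0

! Step 3: replace "global (outside) 1 interface" with one fixed public
! address (placeholder). A single address in a global pool yields PAT, so
! all non-VPN outbound traffic leaves sourced from this one address.
no global (outside) 1 interface
global (outside) 1 203.0.113.10

! Check: after traffic flows, translations to the remote subnets should be
! absent and internet-bound flows should show the placeholder address.
! show xlate
! show nat
```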
