router on a stick

Answered Question
Oct 29th, 2009

We just installed a new Internet filter that uses a SPAN source port to see the traffic heading to/from the Internet. A problem arose because our remote access VPN users are bypassing the filter since their traffic never crosses the SPAN source port. I remember with concentrators we didn't route in and out of the concentrators, and prior to ASA, a PIX wouldn't let traffic in and then out of the same interface. It had to be sent to a router. I'm using an ASA now, and of course the same security perm intra command takes care of that, but I'm trying to figure out a way to sort of revert and rely on a router to route only remote access VPN traffic. The path looks like:

Internet -> ASA -> 4510 (SPAN source is link between ASA and 4510)

So I want to be able to send default traffic from a remote access client to the 4510, and then have that traffic turned around to the ASA and Internet. Possible?

Thank you,


Correct Answer by acomiskey about 6 years 12 months ago

You can try a tunneled default route.

route inside 0.0.0.0 0.0.0.0 <4510.ip> tunneled

Overall Rating: 5 (2 ratings)
acomiskey Thu, 10/29/2009 - 09:29