Is policy routing with VPN Concentrator 3000 possible

Unanswered Question
Feb 3rd, 2010

We have a handful of PIXes and ASAs running at remote locations configured for EZVPN. What we want to do is to force all traffic from the remote locations through a content filter, which doesn't act as a proxy. Given that the gateway for the VPN concentrator is pointed to the Internet, is it possible to force all VPN client traffic to route through the inside interface? I've seen some references that the VPN concentrator has policy routing, but I haven't seen any configuration information. Has anyone else attempted this?


Thanks

slmansfield Thu, 02/04/2010 - 11:46

There are two concepts for creating alternate default gateways for the concentrators. One is the tunnel default gateway, which can route all tunnel traffic to an alternate gateway that hairpins it back to the concentrator. There is also the capability to override the tunnel default gateway to allow the concentrator itself to hairpin the traffic.


Here is a URL that explains these concepts in more detail.  HTH


http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/iprout.html#wp999578
