
Redirecting web traffic to another location for Remote Access VPN over ASA

venom43212
Level 4

I have an ASA 5510 that I am setting up for remote access VPN. Everything works great with the exception of one problem... this ASA sits in a lo-lo facility, not in the corp HQ. I have a default route on it pointed to the outside interface for the internet-facing feed provided by the co-lo. I want users who are connected to the ASA to access the internet via my corporate HQ access, where our proxy, etc. are in place... I am having a problem redirecting this traffic back to HQ, which is remote from the location of the ASA; it always wants to take the default route. The remote users will be using the Cisco VPN client 5.0. Any ideas? Thanks in advance.

3 Replies

venom43212
Level 4

Sorry, that was co-lo, not lo-lo

1) How is the CoLo ASA connected to your HQ? How do you route from CoLo ASA to HQ?

2) Do you configure split tunnel for the VPN Client?

3) Can you share topology diagram and CoLo ASA configuration?

Was able to resolve with the help of the TAC last Friday. Split tunneling was not an option. Resolution was to set a default route for tunneled traffic pointing to the next hop back to my corp HQ using the tunneled keyword. So, I have my default route pointed to the outside feed from the co-lo, and another pointed to the next hop used to go back to my corp HQ that sends all tunneled traffic, resolving my problem:

route outside 0.0.0.0 0.0.0.0 [next-hop]

route inside 0.0.0.0 0.0.0.0 [next-hop] tunneled
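
A simplified model of the route selection described in the resolution above, added here as an illustration (it is not part of the original thread and is not Cisco code). The next-hop addresses and the 10.0.0.0/8 static route are constructed placeholders, and the model assumes the documented ASA behaviour that the tunneled default applies only to traffic arriving from a tunnel that matches no more specific route.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    interface: str
    prefix: ipaddress.IPv4Network
    next_hop: str
    tunneled: bool = False

# Constructed sample table mirroring the two default routes in the post;
# every address here is a placeholder, not a value from the thread.
ROUTES = [
    Route("outside", ipaddress.ip_network("0.0.0.0/0"), "198.51.100.1"),
    Route("inside", ipaddress.ip_network("0.0.0.0/0"), "10.10.0.1", tunneled=True),
    Route("inside", ipaddress.ip_network("10.0.0.0/8"), "10.10.0.1"),
]

def select_route(dst, from_tunnel, routes=ROUTES):
    """Return the route the model picks for dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    # 1. A more specific static or learned route always wins (longest prefix).
    specific = [r for r in routes
                if not r.tunneled and r.prefix.prefixlen > 0 and addr in r.prefix]
    if specific:
        return max(specific, key=lambda r: r.prefix.prefixlen)
    defaults = [r for r in routes if r.prefix.prefixlen == 0]
    # 2. Traffic that came out of a VPN tunnel prefers the tunneled default.
    if from_tunnel:
        for r in defaults:
            if r.tunneled:
                return r
    # 3. Everything else (and tunnel traffic when no tunneled default is
    #    configured) falls back to the standard default route.
    for r in defaults:
        if not r.tunneled:
            return r
    return None

if __name__ == "__main__":
    cases = [("203.0.113.50", True), ("203.0.113.50", False), ("10.20.30.40", True)]
    for dst, tun in cases:
        r = select_route(dst, tun)
        print(f"dst={dst} from_tunnel={tun} -> {r.interface} via {r.next_hop}")
```

Removing the tunneled entry from the table reproduces the original problem: VPN client internet traffic leaves through the co-lo outside feed and bypasses the HQ proxy.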
