SRP521W - default route through VPN

Unanswered Question
Mar 19th, 2012

Hi,

Is it possible to send all traffic through a site-to-site VPN using the SRP521W (on the other site an ASA)? Let's say, traffic to the Internet from the branch through HQ - site-to-site VPN between branch and HQ. I've tried to set up a destination crypto policy entry of 0.0.0.0 0.0.0.0 but it's not accepted.

Firmware version is 1.01.26 (003)

BR,

Marek

Andrew Hickman Mon, 03/19/2012 - 15:26

Hi,

This is not possible with the SRP500 series. Only traffic to a specific remote subnet may be directed via the IPSec tunnel.

Andy

csco11476600 Mon, 03/19/2012 - 23:53

Hi,

Thanks for the fast response. I'm wondering if there is any workaround.

The one I have in mind is to set about 253 static route entries with mask /8 (as far as I remember this is the shortest mask I can use on SRP500 S) and to set up, as a next hop for those routes, some core device in HQ?

Does this make sense?

Marek

Andrew Hickman Tue, 03/20/2012 - 02:28

Hi Marek,

It's not possible to create a static route via an IPSec tunnel, so that is not an option I'm afraid.

The only workaround, really, would be to have a proxy server at the main site and have all clients use that to access the Internet. You could then use the Internet Access Control feature to prevent local clients from accessing the Internet directly.

Regards,

Andy

Posted March 19, 2012 at 2:14 PM