Actually I'm working with the following topology outside my firewall:
ASA <------> Rtr1   <------> WAN-IPSEC-2
    <------> Rtr2   <------> WAN-PUBLIC
    <------> GW-WAN <------> WAN-1
Let me explain. The ASA default gateway is GW-WAN, and this router uses Policy-Based Routing to redirect the traffic to Rtr1, Rtr2 or two balanced local interfaces (WAN-1, WAN-2). GW-WAN is an 1812 router. Rtr1 and Rtr2 are 877 routers. Rtr1 is used to bypass IPSec site-to-site traffic from our remote sites to the ASA. Rtr2 is used to allow all ingress services (http, https, dns, smtp, ...) and WAN-1 / WAN-2 are used for egress traffic (web navigation, ...).
My problem is that if a user at any remote IPSec site tries to access any remote service via the WAN-PUBLIC link, it doesn't work, because the ASA redirects the return path to Rtr1 according to the PBR policy, but in GW-WAN the policy is only for the ESP traffic and the other traffic is denied.
If I analyze the traffic between the ASA and the WAN, I see that the ASA unit sends all traffic to the remote IPSec peer through Rtr1 and not to the default gateway (GW-WAN). Surely I have some problem in the ASA or GW-WAN configuration, but I couldn't find it.