I have 2 x PIX 501 routers with an IPsec VPN running between them. The PIXes connect to each other via a couple of Aironet 1200s set up as bridges. It looks a bit like this:
Pix1 -- Aironet1 -- Aironet2 -- Pix2
We have an ADSL router plugged in to Pix2 for Internet access as well.
On Pix2 I have the following rules:
access-list inside_outbound_nat0_acl permit ip any any
access-list outside_cryptomap_20 permit ip any 192.168.1.0 255.255.255.0
What I want to be able to do is bypass the VPN for traffic in the 172.16.100.0 subnet so I can manage the Aironets. Otherwise I have to unplug the PIX and plug a laptop into the Aironets to configure them.
Just exclude your AIRONET network range from the IPSec tunnel access-list configuration. It will help. (Then enable SSH on the Aironet devices in order to keep communication secure.) There is one prerequisite: routing for the network you use for managing the APs has to be set up correctly.
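As an added illustration of the answer above (this is not configuration from the original post or from Cisco), here is what the change could look like on Pix2 in PIX 6.x syntax. It assumes the bridge management addresses are in 172.16.100.0/24 and the remote LAN behind Pix1 is 192.168.1.0/24, as in the question; the next-hop address for the management route is a placeholder.

```cisco
! Added example, not from the original thread: keep the Aironet management
! subnet 172.16.100.0/24 out of the IPsec tunnel on Pix2.
!
! PIX 6.x appends new entries to the end of an access-list, so remove the
! existing permit, add the deny, then re-add the permit so the deny is
! evaluated first.
no access-list outside_cryptomap_20 permit ip any 192.168.1.0 255.255.255.0
access-list outside_cryptomap_20 deny ip any 172.16.100.0 255.255.255.0
access-list outside_cryptomap_20 permit ip any 192.168.1.0 255.255.255.0
!
! The prerequisite from the answer: the PIX must know how to reach the
! management subnet in the clear via the outside interface. The gateway
! below is a placeholder for the outside-facing bridge address.
route outside 172.16.100.0 255.255.255.0 <aironet2-outside-ip> 1
!
! Checks: the deny should be listed before the permit, and management
! traffic to 172.16.100.0/24 should no longer appear as protected traffic.
show access-list outside_cryptomap_20
show crypto ipsec sa
```

The same deny needs to be mirrored in the crypto access-list on Pix1 if that side's entry is broad enough to match the management subnet; otherwise Pix1 will still try to send the return traffic through the tunnel and the two ends will disagree about what is interesting traffic. The deny in the crypto access-list only stops the traffic from being encrypted; management sessions to the bridges then travel unencrypted across the wireless link, which is why the answer pairs it with SSH on the Aironets.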