The VPN3000 has a tunnel default gateway, which is the next hop IP address used by a LAN-to-LAN or a Remote Client connection after their packet is decrypted by the Concentrator. I am wondering if one can configure a different tunnel default gateway for each LAN-to-LAN connection or for each group of remote clients. For example:
1. LAN-to-LAN connection from VPNA has a Tunnel Gw A
2. LAN-to-LAN connection from VPNB has a Tunnel Gw B
The VPN 3000 Concentrator uses the tunnel default gateway to route the tunneled users within the private network (usually the inside router). The VPN Concentrator uses the default gateway to route packets to the Internet (usually the outside router).
And there is no option on the VPN3000 where you can configure different tunnel default gateways and this is not possible as well.
Is there any specific reason that you want this, and if so, can you share it on the group?
Thanks for your assistance. There is no specific reason, I am just being asked by the customer, because of the routing table limitation of VPN3005. Instead of populating the routing table of VPN3005 with unnecessary routes, it might be better to point the LAN-to-LAN tunnels or remote-client groups to several tunnel default gateways and let the gateways handle the route to the other networks. Of course, this design only fits if the internal network does have several separate routers to the other networks. Anyway, we are able to convince the customer to buy a VPN3030 instead.