All of them get IP addresses from several pools. The problem is that I have only one default gateway for all the tunnelled users, which messes up my plans.
Is there a way to assign a different default gateway to each group of tunnelled users?
Or another question...
Since I have the same default gateway for all the users, if I put them in the same IP pool (like 172.16.30.0/24) can I apply filters that will block traffic in the local segment "before" the default gateway?
You can do it with PBR (Policy-Based Routing), but if you have 3 class /24 IP addresses and your fa0 IP address is 172.16.30.1, then if your provider routes all 3 of your classes to this IP, your problem is solved and you don't need to do PBR; you can handle it with one default gateway.
Have you tried the Network List instead of Filters, or with the filters? CVPN will send the route locally to the node. It is like the ROUTE ADD command in the DOS shell. The traffic won't be sent over your CVPN if your destination network is not in it. If you want the traffic to pass through your CVPN, just add the network you want to the Network List.