I got a little routing issue with an ASA 5510. This device has two Internet connections, one for browsing and the other for remote VPN clients and an L2L VPN. I put a static route for the peer of the L2L VPN and all seems to work fine.
Two days ago I noticed that remote VPN clients didn't establish the connection (fail reason: remote peer not responding). After some troubleshooting I saw that it was a routing issue (the VPN connection response from the ASA was sent out the wrong link). I put one static route to the IP address of the remote VPN client and it worked fine. Because this was not a smart solution I searched cisco.com and found that an ASA appliance can have one default route for normal traffic and another for the encrypted traffic that terminates on the appliance. So I declared these two lines in the ASA config:
route INTERNET 0 0 x.x.x.x
route VPNLINK 0 0 y.y.y.y tunneled
After that, I made a test but it did not work. I do not have the IP verify reverse path feature enabled (this makes a tunneled route fail). Am I missing some configuration task here? Anything else to enable/disable?
P.S.: If I execute sh route I see two default routes, one for Internet with metric 1, and the other for tunneled traffic with metric 255.
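As an added example (not part of the original post or any Cisco tool), a small Python audit that parses the relevant ASA running-config lines and flags the conditions discussed above: a missing tunneled default route, a leftover per-peer host route from the workaround, and ip verify reverse-path enabled on the tunneled interface. The interface names, addresses and the sample config are constructed.

```python
import re

# Constructed sample of the relevant ASA running-config lines (not a real device).
SAMPLE_CONFIG = """
route INTERNET 0 0 192.0.2.1
route VPNLINK 0 0 198.51.100.1 tunneled
route VPNLINK 203.0.113.5 255.255.255.255 198.51.100.1
ip verify reverse-path interface VPNLINK
"""

# route <ifname> <network> <mask> <gateway> [metric] [tunneled]
ROUTE_RE = re.compile(
    r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?(\s+tunneled)?\s*$")
RPF_RE = re.compile(r"^ip verify reverse-path interface\s+(\S+)\s*$")

def is_default(net, mask):
    # ASA accepts both "0 0" and "0.0.0.0 0.0.0.0" for the default route.
    return net in ("0", "0.0.0.0") and mask in ("0", "0.0.0.0")

def audit_routes(config):
    """Summarise default/tunneled routes and report conditions that break VPN return traffic."""
    defaults, tunneled, host_routes, rpf_ifaces = [], [], [], set()
    for line in config.splitlines():
        line = line.strip()
        m = ROUTE_RE.match(line)
        if m:
            iface, net, mask, gw, metric, tun = m.groups()
            if tun:
                tunneled.append(iface)          # default route for VPN-terminated traffic
            elif is_default(net, mask):
                defaults.append(iface)          # default route for ordinary traffic
            elif mask == "255.255.255.255":
                host_routes.append((iface, net))  # per-peer workaround route
            continue
        m = RPF_RE.match(line)
        if m:
            rpf_ifaces.add(m.group(1))
    findings = []
    if len(defaults) > 1:
        findings.append("more than one non-tunneled default route")
    if not tunneled:
        findings.append("no tunneled default route: VPN replies follow the normal default")
    for iface in tunneled:
        if iface in rpf_ifaces:
            findings.append(f"ip verify reverse-path on {iface} breaks the tunneled route")
    for iface, host in host_routes:
        findings.append(f"per-peer host route to {host} via {iface}; remove once tunneled works")
    return {"default": defaults, "tunneled": tunneled,
            "rpf": sorted(rpf_ifaces), "findings": findings}
```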