10-29-2009 07:32 AM - edited 02-21-2020 03:46 AM
We just installed a new Internet filter that uses a SPAN source port to see the traffic heading to/from the Internet. A problem arose because our remote access VPN users are bypassing the filter since their traffic never crosses the SPAN source port. I remember with concentrators we didn't route in and out of the concentrators, and prior to ASA, a PIX wouldn't let traffic in and then out of the same interface. It had to be sent to a router. I'm using an ASA now, and of course the same security perm intra command takes care of that, but I'm trying to figure out a way to sort of revert and rely on a router to route only remote access VPN traffic. The path looks like
Internet -> ASA -> 4510 (SPAN source is link between ASA and 4510)
So I want to be able to send default traffic from a remote access client to the 4510, and then have that traffic turned around to the ASA and Internet. Possible?
Thank you,
Bill
10-29-2009 09:29 AM
You can try a tunneled default route.
route inside 0.0.0.0 0.0.0.0 <4510.ip> tunneled
10-29-2009 01:13 PM
That's a lot simpler than where I was headed, thank you.
10-29-2009 01:30 PM
So I guess it worked?
10-29-2009 01:43 PM
It did.