router on a stick

WILLIAM STEGMAN

We just installed a new Internet filter that uses a SPAN source port to see the traffic heading to/from the Internet. A problem arose because our remote access VPN users are bypassing the filter since their traffic never crosses the SPAN source port. I remember with concentrators we didn't route in and out of the concentrators, and prior to ASA, a PIX wouldn't let traffic in and then out of the same interface. It had to be sent to a router. I'm using an ASA now, and of course the same security perm intra command takes care of that, but I'm trying to figure out a way to sort of revert and rely on a router to route only remote access VPN traffic. The path looks like

Internet -> ASA -> 4510 (SPAN source is link between ASA and 4510)

So I want to be able to send default traffic from a remote access client to the 4510, and then have that traffic turned around to the ASA and Internet. Possible?

thank you,

Bill

Accepted Solutions

acomiskey

You can try a tunneled default route.

route inside 0.0.0.0 0.0.0.0 <4510.ip> tunneled

That's a lot simpler than where I was headed, thank you.

So I guess it worked?

It did.
