Cisco Support Community
Community Member

router on a stick

We just installed a new Internet filter that uses a SPAN source port to see the traffic heading to/from the Internet. A problem arose because our remote access VPN users are bypassing the filter since their traffic never crosses the SPAN source port. I remember with concentrators we didn't route in and out of the concentrators, and prior to ASA, a PIX wouldn't let traffic in and then out of the same interface. It had to be sent to a router. I'm using an ASA now, and of course the same security perm intra command takes care of that, but I'm trying to figure out a way to sort of revert and rely on a router to route only remote access VPN traffic. The path looks like

Internet -> ASA -> 4510 (SPAN source is link between ASA and 4510)

So I want to be able to send default traffic from a remote access client to the 4510, and then have that traffic turned around to the ASA and Internet. Possible?

thank you,

Bill

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: router on a stick

You can try a tunneled default route.

route inside 0.0.0.0 0.0.0.0 <4510.ip> tunneled

Community Member

Re: router on a stick

that's a lot simpler than where I was headed, thank you.

Green

Re: router on a stick

So I guess it worked?

Community Member

Re: router on a stick

it did.
