Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

SRP521W - default route through VPN

Hi,

Is it possible to send all traffic through site to site VPN using SRP521W (on the other site ASA) ? Lets say, traffic to Internet from branch through HQ - site to site VPN between branch and HQ. I've tried to set up destination crypto policy entry to 0.0.0.0 0.0.0.0 but it's not accepted.

Firmware version is 1.01.26 (003)

BR,

Marek

Everyone's tags (3)
4 REPLIES
Cisco Employee

SRP521W - default route through VPN

Hi,

This is not possible with the SRP500 series.  Only traffic to a specific remote subnet may be directed via the IPSec tunnel.

Andy

New Member

SRP521W - default route through VPN

Hi,

Thanks for the fast response. I'm wondering if there is any workaround.

The one I have on mind is to set  about 253 static route entries with mask /8 (as far as I remember this is the shortest mask I can use on SRP500 S) and to set up, as a next hop for those routes, some core device in HQ ?

Does this make sens ?

Marek

Cisco Employee

SRP521W - default route through VPN

Hi Marek,

It's not possible to create a static route via an IPSec tunnel, so that is not an option I'm afraid.

The only workaround really, would be to have a proxy server at the main site and have all clients use that to access the Internet.  You could then use the Internet Access Control feature to prevent local clients from accessing the Internet directly.

Regards,

Andy

New Member

SRP521W - default route through VPN

Thank you for your answers.

744
Views
0
Helpful
4
Replies
CreatePlease to create content