Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SRP521W - default route through VPN

Hi,

Is it possible to send all traffic through site to site VPN using SRP521W (on the other site ASA) ? Lets say, traffic to Internet from branch through HQ - site to site VPN between branch and HQ. I've tried to set up destination crypto policy entry to 0.0.0.0 0.0.0.0 but it's not accepted.

Firmware version is 1.01.26 (003)

BR,

Marek

Everyone's tags (3)
4 REPLIES
Cisco Employee

SRP521W - default route through VPN

Hi,

This is not possible with the SRP500 series.  Only traffic to a specific remote subnet may be directed via the IPSec tunnel.

Andy

New Member

SRP521W - default route through VPN

Hi,

Thanks for the fast response. I'm wondering if there is any workaround.

The one I have on mind is to set  about 253 static route entries with mask /8 (as far as I remember this is the shortest mask I can use on SRP500 S) and to set up, as a next hop for those routes, some core device in HQ ?

Does this make sens ?

Marek

Cisco Employee

SRP521W - default route through VPN

Hi Marek,

It's not possible to create a static route via an IPSec tunnel, so that is not an option I'm afraid.

The only workaround really, would be to have a proxy server at the main site and have all clients use that to access the Internet.  You could then use the Internet Access Control feature to prevent local clients from accessing the Internet directly.

Regards,

Andy

New Member

SRP521W - default route through VPN

Thank you for your answers.

718
Views
0
Helpful
4
Replies