Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is policy routing with VPN Concentrator 3000 possible

We have a handful of PIXes and ASAs running at remote locations configured for EZVPN. What we want to do is to force all traffic from the remote locations through a content filter, which doesn't act as a proxy. Given that the gateway for the VPN concentrator is pointed to the Internet, is it possible to force all VPN client traffic to route through the inside interface? I've seen some references that the VPN concentrator has policy routing, but I haven't see any configuration information. Has anyone else attempted this?

Thanks

1 REPLY
Silver

Re: Is policy routing with VPN Concentrator 3000 possible

There are two concepts for creating alternate default gateways for the concentrators.  One is the tunnel default gateway,

which can route all tunnel traffic to an alternate gateway that hairpins it back to the concentrator.   There is also the capability to override the tunnel default gateway to allow the concentrator itself to hairpin the traffic.

Here is a URL that explains these concepts in more detail.  HTH

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/iprout.html#wp999578

293
Views
0
Helpful
1
Replies