Is policy routing with VPN Concentrator 3000 possible
We have a handful of PIXes and ASAs running at remote locations configured for EZVPN. What we want to do is to force all traffic from the remote locations through a content filter, which doesn't act as a proxy. Given that the gateway for the VPN concentrator is pointed to the Internet, is it possible to force all VPN client traffic to route through the inside interface? I've seen some references that the VPN concentrator has policy routing, but I haven't seen any configuration information. Has anyone else attempted this?
Re: Is policy routing with VPN Concentrator 3000 possible
There are two concepts for creating alternate default gateways for the concentrators. One is the tunnel default gateway, which can route all tunnel traffic to an alternate gateway that hairpins it back to the concentrator. There is also the capability to override the tunnel default gateway to allow the concentrator itself to hairpin the traffic.
Here is a URL that explains these concepts in more detail. HTH