Cisco Support Community

Traffic Sourced from ASA, does it go over the tunnel?

So on my ASA 5505 I have these commands:

aaa-server TACACS+ (outside) host X.X.X.X

aaa-server TACACS+ (outside) host X.X.X.X

There are also similar commands for the DNS server(s), SNMP, logging servers, etc.

All of them point to the "outside" interface.

I have an ACL that puts all traffic from this WAN site with a destination to the main campus onto the tunnel.

Example: access-list for_vpn_tunnel extended permit ip object WAN_site object MAIN_CAMPUS

My question is: will traffic that is coming directly from this ASA get onto the tunnel, or will it try to forward it "normally" out the outside interface?

Right now at a lot of WAN sites it is set up so that on the "inside" there is a router, and all the TACACS+ host statements, DNS, SNMP, etc. say (inside). I guess this basically bounces the traffic off the router back to the ASA so it can then get onto the tunnel. This seems kind of "unclean" to me, and I am wondering if there is a better way to be doing this.

