I've got a problem that I'm hoping is simple for someone out there!
We have an ASA 5520 in production with a brand new internet feed we've just finished installing. We connect to our corporate office via a VPLS. In our corporate office we have a Cisco 1841 (I think that was the year it's made! ) with an ADSL feed with a static IP address plugged in directly.
We have a user VPN that we integrate with our user directory on the router, which connects via the ADSL. The users get an IP addres at the tail end of the 172.31.14.0/24 range, which is the same as one of our corporate subnets (we just reserver a few address, we don't have many VPN users).
Both the ASA and the router connect to each other (via the VPLS) on the internal subnet 10.255.255.0/24.
The ASA is 10.255.255.1
The router is 10.255.255.100
Currently the default route for the corporate office goes out the Dialer interface for the ADSL, which means that's where our internet goes out there (all proxying aside, we'll leave that out of this one).
ip route 0.0.0.0 0.0.0.0 Dialer1
We'd like to change that default route to go via the VPLS to the ASA, and then out to the internet using the new feed. All the ACLs and rules are in place at both ends for this to work. If I change the default route on the router to:
ip route 0.0.0.0 0.0.0.0 10.255.255.1
Then it works as expected.
The problem is that then the user VPN breaks. I had hoped I wouldn't have to do any configuration on this but it looks to be so. I'm guessing that the VPN packets are coming in via the ADSL and back out via the new internet. It would be simple if the remote client had a static IP address as I could put in a static route for each user, but it's always going to be dynamic.
What do I need to put in place to get this working? I thought maybe I could leave the default route via the ADSL and put in a next hop rule to go via the VPLS for the specific subnets that need the new internet, i.e. have a subnet specific default gateway, is this possible? (I gave it a go but it didn't seem to work, I think I didn't implement it properly though as it still went via the ADSL, maybe because there is a nat route-map as well?).
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...