router on a stick

WILLIAM STEGMAN
Level 4

We just installed a new Internet filter that uses a SPAN source port to see the traffic heading to/from the Internet. A problem arose because our remote access VPN users are bypassing the filter since their traffic never crosses the SPAN source port. I remember with concentrators we didn't route in and out of the concentrators, and prior to ASA, a PIX wouldn't let traffic in and then out of the same interface. It had to be sent to a router. I'm using an ASA now, and of course the same security perm intra command takes care of that, but I'm trying to figure out a way to sort of revert and rely on a router to route only remote access VPN traffic. The path looks like

Internet -> ASA -> 4510 (SPAN source is link between ASA and 4510)

So I want to be able to send default traffic from a remote access client to the 4510, and then have that traffic turned around to the ASA and Internet. Possible?

thank you,

Bill

1 Accepted Solution

Accepted Solutions

acomiskey
Level 10

You can try a tunneled default route.

route inside 0.0.0.0 0.0.0.0 <4510.ip> tunneled


That's a lot simpler than where I was headed, thank you.

So I guess it worked?

It did.
