Showing results for 
Search instead for 
Did you mean: 

Routing Issue


On a ASR1004 I have a 10G circuit ,it is separated into 2 VLANs.  One is on TenG0/1/0.350 and the other is TenG0/1/0.450, the first hold all internet traffic while the other holds our VPN connection.  It is that circuit TENG0/1/0.450 that I have questions with.  It has an IP of, I have a Gigabit connection on ASR 1004 of, would like to allow this VPN traffic through our network without interfering with the internet.  Should I use a route-map statement to send to firewall(FW)? Or should I use policy based routing (PBR) statement that would cause a longer configuration statement.  I am trying to allow traffic through our network for downstream users.  Should I just move the connection to the FW 



9 Replies 9


Added notes

Flavio Miranda
VIP Mentor VIP Mentor
VIP Mentor

If I read it right, you have on link. That´s correct? 

What is it your consern about passing VPN traffic and internet traffic ?  And why do you have the router´s cascate? 

Should I just utilized the VLAN 450 like a site to site connection?  Or use BGP routing on the FW?


I have another concern should there be a IP ROUTE statement within the
router to the outside interface or the inside?

ip route (inside)

ip route (outside)



Yes my concern is about passing both VPN and internet traffic at the same time.  Will they interfere with each other? How can I configure this so when one goes down the other link will take over, but give the same rights.



Once I made the connection, traffic stopped?  I rebooted the FW, once  I went ahead with the S2S and it worked but have a lot of lag.  I added the IP route statements on the router.  


 Sorry, can we start over?

Let me know what you did so far and where you want to get please. Let me see if I can help you properly.

Sure, I just got this message so sorry for not answering earlier.

I have enclosed a Visio diagram with questions.

I have completed the site to site on ASA but the connections flops and causes issues in routing.  I am trying to connect a Enterprise VPN session to our current network.


Having Same issue. Is there any way to force packets to go back out the same interface they are received on? Basically, my 3750x has a default route going out one interface. I also have a "special" appliance plugged into int 34. I need packets that arrive on that interface to go back out the same interface and not use the default route. Is there a way to do this? Thank you.                   DQFanSurvey Feedback

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers