Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hypothetical situation - net 10.10.10.0/24 routes to PIX 'outside' int webserver on the 'inside' at 192.168.1.1ACLs asside for the moment, is it possible to have any www traffic hitting the 'outside' interface forwarded towards 192.168.1.1?Without ...
Rather than retyping everything, I'll just say I'm seeing the same problem as mtrcek is describing here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Expert%20Archive&topic=Security&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Dout...
Can't really answer the conceptual question but what if you were to avoid the conundrum all together?If 100% of the traffic is covered by your l2l tunnel, a static route on the ASA for 10.2.2.0/24 to 1.1.1.3 would work and then you'd only need to wor...
Thanks for the quick reply but I think I miss-stated what I was going for. "any www traffic hitting the outside int" could have been put a bit more clearly.Say the outside int ip is 172.16.1.1Some arbitrary outside router directs 10.10.10.0/24 to 17...
Nope.Though the testing I've been able to do shows that my headaches really are, as the message implies, because the tunnel was torn down (and immediately rebuilt). - The tunnel goes down in flames on each phase1 rekey. - New traffic comes along and ...
Thanks for the tip on the timings - I'll have to fiddle with that when I (finally) get the chance to retest.And ...CSCsi40796http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi40796