ASA without Default Route to answer specific requests

Hi,

I have been looking a lot for an answer to this question and I just found concepts rather than configurations.

I need to remove this line from the ASA configuration:

route outside 0.0.0.0 0.0.0.0 190.181.X.X 1

I am actually using this interface to make two VPNs.

We have a different connection to access the internet, so this firewall is only being used to allow VPN connections. 

How can I make this ASA just respond to the requests VPN clients make?

What for? Well, I need the VPN clients (which redirect all their traffic through the VPN) to be able to use a different internet connection here (which is on another firewall).

Regards

Miguel

2 Replies

nspasov
Cisco Employee

Hello Miguel-

The FW needs a default route so it knows how to route packets to destinations that are not known to it. Thus, you cannot remove it :)

If your goal is to use this FW for VPN only then you can restrict all other access through simple ACLs that would only allow the VPN related traffic and block everything else. 

I hope this helps!

Thank you for rating helpful posts!

Thanks for the answer,

So there is no way to make this U-turn in ASA? (attached)

The VPN clients redirect ALL the traffic through the VPN, and I need them to use the edge-router to browse the internet.