03-19-2010 09:34 AM - edited 02-21-2020 04:33 PM
I have an ASA 5510 that I am setting up for remote access VPN. Everything works great with the exception of one problem... this ASA sits in a lo-lo facility, not in the corp HQ. I have a default route on it pointed to the outside interface for the internet facing feed provided by the co-lo. I want users who are connected to the ASA to access the internet via my corporate HQ access, where our proxy, etc. are in place... I am having a problem redirecting this traffic back to HQ which is remote from the location of the ASA; it always wants to take the default route. The remote users will be using the Cisco VPN client 5.0. Any ideas? Thanks in advance.
03-19-2010 09:36 AM
Sorry, that was co-lo, not lo-lo
03-19-2010 03:39 PM
1) How is the CoLo ASA connected to your HQ? How do you route from CoLo ASA to HQ?
2) Do you configure split tunnel for the VPN Client?
3) Can you share topology diagram and CoLo ASA configuration?
03-22-2010 08:05 AM
Was able to resolve with the help of the TAC last Friday. Split tunneling was not an option. Resolution was to set a default route for tunneled traffic pointing to the next hop back to my corp HQ using the tunneled keyword. So, I have my default route pointed to the outside feed from the co-lo, and another pointed to the next hop used to go back to my corp HQ that sends all tunneled traffic, resolving my problem:
route outside 0.0.0.0 0.0.0.0 [next-hop]
route inside 0.0.0.0 0.0.0.0 [next-hop] tunneled
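Added example, not part of the original thread and not Cisco code: a simplified Python model of the route selection the resolution above relies on, where decrypted VPN traffic that matches no specific route follows the tunneled default and all other traffic follows the standard default. The addresses, the 10.20.0.0/16 static route and the `select_route` helper are constructed for illustration; administrative distance and dynamic routing are not modelled.

```python
import ipaddress

# Constructed routing table modelled on the two-default-route setup above.
# Addresses are placeholders, not values from the thread.
ROUTES = [
    # (prefix, interface, next hop, tunneled?)
    ("0.0.0.0/0", "outside", "198.51.100.1", False),  # co-lo Internet feed
    ("0.0.0.0/0", "inside", "10.10.0.1", True),       # next hop back toward HQ
    ("10.20.0.0/16", "inside", "10.10.0.1", False),   # assumed static route to an HQ LAN
]


def select_route(dst, from_tunnel, routes=ROUTES):
    """Return (interface, next_hop) for destination dst.

    Specific (non-default) routes win by longest prefix match. If none
    match, traffic that arrived decrypted from a VPN tunnel uses the
    tunneled default; everything else uses the standard default.
    """
    addr = ipaddress.ip_address(dst)
    best = None      # (prefix length, interface, next hop)
    defaults = {}    # tunneled flag -> (interface, next hop)
    for prefix, ifc, hop, tunneled in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0:
            defaults[tunneled] = (ifc, hop)
        elif addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifc, hop)
    if best:
        return best[1], best[2]
    if from_tunnel and True in defaults:
        return defaults[True]
    # No tunneled default configured: VPN traffic falls back to the
    # standard default, which is the behaviour the original post describes.
    return defaults.get(False)


if __name__ == "__main__":
    without_tunneled = [r for r in ROUTES if not r[3]]
    print("VPN client -> Internet, one default :",
          select_route("203.0.113.50", True, without_tunneled))
    print("VPN client -> Internet, with tunneled:",
          select_route("203.0.113.50", True))
    print("Non-VPN traffic -> Internet          :",
          select_route("203.0.113.50", False))
```

On the ASA itself, `show route` lists both default routes, which is a quick check that the tunneled entry is installed.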