387 Views, 0 Helpful, 1 Reply

Isolating VPN traffic from local traffic

falain
Level 1

My VPN terminates on an inside IOS router (7204VXR) connected to a local switched LAN with a 10/100 LAN card in trunk mode.

VPN traffic comes from outside across the PIX inside interface (static NAT and access list), mixed with inbound/outbound clear traffic.

I have a free PIX LAN interface that I would use to forward only VPN encrypted traffic (ISAKMP & ESP).

I connected that PIX interface to a switch port and created a static NAT for the 7204 on this new interface.

I created a new VLAN associating this switch port and a new subinterface on the 7204 FastEthernet interface, with a crypto map.

Encrypted VPN traffic successfully comes from the PIX in the new VLAN to the 7204 subinterface, but outgoing VPN replies from the 7204 go to its default route, then finally to the inside PIX interface, where they are dropped.

How can I configure the 7204 to reply through the same subinterface that the VPN traffic comes in on?

I thought of a route-map, but there is no way to specify the destination IP address since it can be anything (ISP dependent).

Is there a way to route-map based on protocol (ISAKMP, ESP, UDP 4500)?

Thanks for the help.

1 Reply

didyap
Level 6

Have you tried using this command?

access-list 110 permit udp any any eq non500-isakmp
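One way to put that ACL to use on the 7204 for the problem described in the question, as an added example that is not from the original thread: because the ISAKMP, NAT-T and ESP packets are generated by the router itself, an interface-level policy route-map would never see them; they have to be policy-routed with ip local policy. The VLAN id (20), the subinterface and PIX addresses (10.10.20.0/24), and the ACL and route-map names are assumptions.

```cisco
! Subinterface on the trunk facing the new VLAN (assumed VLAN 20) where the
! spare PIX interface (assumed 10.10.20.1) delivers encrypted VPN traffic.
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.10.20.2 255.255.255.0
 crypto map VPNMAP

! Match only the IPsec control and data traffic sourced by the router's
! tunnel endpoint address: ISAKMP (UDP 500), NAT-T (UDP 4500) and ESP.
! Destination stays "any" because the remote peers' addresses are unknown.
access-list 110 permit udp host 10.10.20.2 any eq isakmp
access-list 110 permit udp host 10.10.20.2 any eq non500-isakmp
access-list 110 permit esp host 10.10.20.2 any

! Send matching packets to the PIX VPN interface instead of the default route.
! Clear traffic does not match and keeps following the normal routing table.
route-map VPN-OUT permit 10
 match ip address 110
 set ip next-hop 10.10.20.1

! Apply the policy to router-originated packets (not to a transit interface).
ip local policy route-map VPN-OUT
```

After a tunnel negotiation, show route-map VPN-OUT should show the policy-routing match counters increasing for the route-map sequence.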