01-23-2016 06:20 PM
I am in the process of combining both a remote access and site to site VPN configuration into one device. Right now I have a "route inside 0 0 x.x.x.x tunneled" statement on each of these. My understanding is that the "tunneled" command will simply direct traffic emerging from a VPN tunnel to the next hop device specified in the statement. However, I will end up with two of these statements on a single ASA pointing to different next hop addresses. What would be the best approach to still making this work besides creating a long list of static routes? Is there a way to specify "route inside 0 0 x.x.x.x tunneled" for a remote access VPN and another for any site to site VPNs?
01-24-2016 12:24 AM
I could easily be wrong here, but I thought the "tunneled" option only applied to user to site traffic.
Either way, do you have an internal layer 3 switch? If so, could you just send everything to it to sort out?
Failing that, do you have to route 0.0.0.0/0? Could you not put in more specific tunneled routes?
01-24-2016 12:42 AM
Hi Matthew
What I can get from your description is that you want to route the tunneled traffic based on its source.
Is this correct?
If that is the case, "route inside 0 0 x.x.x.x tunneled" will not help, as the routes are only destination based. But in that case, if you have ASA version >= 9.4, you can use Policy-Based Routing to achieve the same:
But in case it's only destination based, you can use two tunneled route statements and summarize the intended destination subnets.
Regards
Jagmeet Singh
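To make the two approaches in this thread concrete, here is an added configuration sketch (not taken from the original posts or from Cisco documentation) contrasting a single tunneled default route with a source-based Policy-Based Routing setup on ASA 9.4 or later. The subnets (10.10.10.0/24 for the remote access pool, 10.20.0.0/16 for the site to site peer's networks), the next hops (192.168.1.2 and 192.168.1.3) and the interface names are assumptions chosen for illustration; substitute your own. One caveat worth knowing before trying the "two tunneled routes" idea: the ASA accepts only one default route carrying the tunneled keyword, so a second "route inside 0 0 ... tunneled" with a different next hop will not coexist with the first.

```cisco
! --- Option A: one tunneled default route (destination based) ---
! All decrypted VPN traffic with no more specific route goes to 192.168.1.2.
! Only one such tunneled default route is permitted per ASA.
route inside 0.0.0.0 0.0.0.0 192.168.1.2 tunneled

! --- Option B: Policy-Based Routing by source (ASA 9.4+) ---
! Match decrypted traffic by its source so that remote access users and
! the site to site peer can be handed to different next hops.
access-list PBR_RA_USERS extended permit ip 10.10.10.0 255.255.255.0 any
access-list PBR_S2S_PEER extended permit ip 10.20.0.0 255.255.0.0 any

route-map VPN_PBR permit 10
 match ip address PBR_RA_USERS
 set ip next-hop 192.168.1.2
route-map VPN_PBR permit 20
 match ip address PBR_S2S_PEER
 set ip next-hop 192.168.1.3

! PBR is evaluated on the ingress interface. Decrypted tunnel traffic
! enters on the interface where the VPN terminates (outside here), so the
! route-map is bound there, not on the inside interface.
interface GigabitEthernet0/0
 nameif outside
 policy-route route-map VPN_PBR
```

Traffic that matches neither ACL falls through to the normal routing table, so keep a sensible default route (tunneled or otherwise) in place alongside the route-map. Verify with "show route-map VPN_PBR" and "packet-tracer input outside tcp 10.10.10.5 1025 <destination> 80" to confirm which next hop a given source is steered to.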