09-26-2022 06:54 AM
Hello all,
I'm doing a firewall project and currently I need remote access users to route to a different next hop than the one they use currently.
The flow is: the AnyConnect remote access users terminate onto the ASA and route internally to internal servers; they hairpin if using the default route to the internet, pretty standard.
The new setup is I want the VPN users to be policy-based routed and to go to a next hop which is another firewall. Is this possible?
09-26-2022 07:38 AM
I think, if I understand you:
ASA1 is the end of the AnyConnect VPN.
AnyConnect will forward to ASA2, which has a default route different than ASA1?
If the above is yes, then you need PBR in ASA2,
and in ASA1 you only need a static route to ASA2.
09-26-2022 08:39 AM
ASA1 is the VPN headend; it won't forward to ASA2 by default, it will go south to ASA3. ASA2 is the new firewall, which is also connected to the internet.
The normal path is ASA1 to ASA3; ASA3 sends to ASA2 if default route; if LAN, then ASA3 sends to the LAN which it is connected to.
What we are trying to do is send AnyConnect clients from ASA1, and from ASA1 if default route then to the internet; if LAN resources, send to ASA3.
Hope this makes sense.
09-26-2022 09:07 AM
Can you draw the topology?