Solved

Separating Default Gateway from VPN

Posted on 2016-10-24
Last Modified: 2016-10-27
I want to have 2 routers on my network, one for the default gateway and another for VPN traffic. What is the best way to configure them? My previous tries have been unsuccessful, where I have an ASA 5505 as default gateway and another ASA 5505 as a VPN router. I had configured a route on the main router that points to the VPN router for site-to-site VPN hosts. I think the issue was that the ASA could not route traffic from the same interface back out again on the same interface.
Question by:ddman123
2 Comments

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41857369
You are thinking of PBR (policy based routing). It uses route maps to do conditional routing.

192.168.1.0/24 - source, 192.168.2.0/24 - VPN destination, 192.168.10.250 - VPN gw
match traffic for vpn
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
create route map
route-map VPN permit 10
 match ip address 100
 set ip next-hop 192.168.10.250
apply the route map to the LAN-facing interface (interface name is a placeholder)
interface <lan-interface>
 ip policy route-map VPN

Send the rest of the traffic to your default GW.
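To see how the route map above actually classifies a packet, here is a small added Python model (not from the original answer) that parses the access-list/route-map snippet and returns the next hop a PBR-enabled interface would choose. It implements IOS wildcard-mask matching, the implicit deny at the end of an ACL, and the fall-through to normal routing when no clause matches; the default-gateway address and the route-map name are assumed values.

```python
import ipaddress

# Constructed sample config: the PBR snippet from the accepted answer.
# Only the "permit|deny ip <src> <wc> <dst> <wc>" ACL form is handled.
PBR_CONFIG = """
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
route-map VPN permit 10
 match ip address 100
 set ip next-hop 192.168.10.250
"""
DEFAULT_GW = "192.168.10.1"   # placeholder address for the default-gateway ASA

def wildcard_match(addr, base, wildcard):
    """IOS wildcard (inverse) mask: a 1 bit means 'don't care'."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse_pbr(config):
    """Return ({acl: [(action, src, src_wc, dst, dst_wc)]}, {route-map: [clauses]})."""
    acls, rmaps, clause = {}, {}, None
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list" and t[3] == "ip":
            acls.setdefault(t[1], []).append((t[2], t[4], t[5], t[6], t[7]))
        elif t[0] == "route-map":
            clause = {"seq": int(t[3]), "action": t[2], "acl": None, "next_hop": None}
            rmaps.setdefault(t[1], []).append(clause)
        elif t[:3] == ["match", "ip", "address"] and clause:
            clause["acl"] = t[3]
        elif t[:3] == ["set", "ip", "next-hop"] and clause:
            clause["next_hop"] = t[3]
    return acls, rmaps

def acl_permits(entries, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, s, swc, d, dwc in entries:
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action == "permit"
    return False

def next_hop_for(config, rmap_name, src, dst, default_gw=DEFAULT_GW):
    """Next hop a PBR-enabled interface would pick for a src->dst packet."""
    acls, rmaps = parse_pbr(config)
    for clause in sorted(rmaps.get(rmap_name, []), key=lambda c: c["seq"]):
        if acl_permits(acls.get(clause["acl"], []), src, dst):
            if clause["action"] == "permit" and clause["next_hop"]:
                return clause["next_hop"]
            break   # matched a 'route-map deny' clause: use normal routing
    return default_gw   # nothing matched: ordinary destination-based routing
```

Traffic from 192.168.1.0/24 to 192.168.2.0/24 is steered to the VPN ASA; everything else, including traffic to the VPN subnet from other source networks, goes to the default gateway.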

Expert Comment

by:Pete Long
ID: 41861844
>>route on the main router that points to VPN router

ASAs are firewalls, routers are routers. Do you have a router (or a layer three switch) BEHIND THE ASA? If so, get the ASA that's doing VPN connections to 'reverse route inject' the VPN connected subnets (this means setting up OSPF or EIGRP between the ASAs and the core switch/router).

Or, if that's not an option, then use NAT to help you out: you can PAT all incoming VPN traffic to the inside interface of the VPN ASA. This is simple and requires no LAN switching or routing.
Like so (I wrote it for AnyConnect remote VPN clients, but you can use it for site-to-site IPSEC VPN clients also):
Cisco AnyConnect – PAT External VPN Pool To An Inside Address

Pete