Re: IPSec Site-to-Site VPN, Split tunnel for certain websites?

From: Group Study <gs_at_netengineer.org>
Date: Thu, 24 Jan 2013 19:51:40 -0500

For now the ASA is the only L3 device and yes the ASA terminates a
Site-to-Site IPSec VPN.

Jay, I think that's a great idea, if I can get another router behind
the firewall, use NBAR to match on url and the PBR to redirect that
traffic to the ASA that would work.

Thanks all! That's why I love lurking in this mailing list :)

On Thu, Jan 24, 2013 at 7:47 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
> Is the ASA the only L3 device you have? Is the ASA the IPSEC termination
> point?
>
> JS
>
>
> On Thu, Jan 24, 2013 at 5:53 PM, marc edwards <renorider_at_gmail.com> wrote:
>>
>> static routes :D
>>
>> On Thu, Jan 24, 2013 at 3:44 PM, Group Study <gs_at_netengineer.org> wrote:
>> > The situation is that the ASA is in a country that's blocking sites on
>> > the Internet, I'd like to give the users at that office access to the
>> > websites, pretty much like a proxy but encrypted.
>> >
>> > So I guess my question is, can you only use an extended ACL or is
>> > there a way to classify a URL for split tunneling to be encrypted and
>> > sent through the tunnel?
>> >
>> > On Thu, Jan 24, 2013 at 6:38 PM, Jay McMickle <jay.mcmickle_at_yahoo.com>
>> > wrote:
>> >> Not sure I understand. Normally you encrypt data inside of the tunnel,
>> >> and don't include traffic like the Internet. Do you have the Internet on the
>> >> other side of a tunnel, which is why you need this? Maybe you want to
>> >> encrypt data to another Datacenter where your main Internet is filtered and
>> >> logged?
>> >>
>> >> Sorry, being an Engineer, I overthink when questions without full
>> >> explanation are asked. Then again, I lose focus when the explanations are
>> >> too long. You can't win. LOL.
>> >>
>> >> Explain further...
>> >>
>> >> Regards,
>> >> Jay McMickle- CCIE #35355 (RS)
>> >> Sent from my iPhone 5
>> >>
>> >> On Jan 24, 2013, at 4:29 PM, Group Study <gs_at_netengineer.org> wrote:
>> >>
>> >>> Hi Group Study,
>> >>>
>> >>> I understand that for split tunneling you use an extended ACL but is
>> >>> there a way to tunnel access for specific websites? I guess, you could
>> >>> put the public IP of the websites in the destination part of the
>> >>> extended ACL but is there a cleaner solution?
>> >>>
>> >>> Thanks.
>> >>>
>> >>>
>> >>> Blogs and organic groups at http://www.ccie.net
>> >>>
>> >>>
>> >>> _______________________________________________________________________
>> >>> Subscription information may be found at:
>> >>> http://www.groupstudy.com/list/CCIELab.html

Received on Thu Jan 24 2013 - 19:51:40 ART

This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:18 ART