The Security Appliance can define a separate default route for encrypted traffic in addition to the
standard default route. Use the tunneled option in a default route statement to define a separate gateway
address for forwarding all encrypted traffic. The tunneled option does not support multiple equal-cost path
routes. Example 6-5 shows a Security Appliance configured with two default routes, one for non-encrypted
traffic and another for encrypted traffic. Non-encrypted traffic for which there is no static or dynamically learned
route is forwarded to gateway 209.165.201.1. Encrypted traffic for which there is no static or dynamically
learned route is forwarded to gateway 209.165.201.2.
Example 6-5. Configuring Separate Default Routes for Encrypted and Non-Encrypted Traffic
hostname(config)# route outside 0.0.0.0 0.0.0.0 209.165.201.1
hostname(config)# route outside 0.0.0.0 0.0.0.0 209.165.201.2 tunneled
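The following added example (not from the book or from Cisco) models the behaviour described above in Python: it parses route statements, flags more than one tunneled default route, and picks the gateway for encrypted versus non-encrypted traffic. The 10.1.0.0 static route, the function names, and the fallback to the standard default when no tunneled default exists are assumptions of this example.

```python
import ipaddress

# Constructed sample: the two default routes from Example 6-5 plus one
# hypothetical static route (10.1.0.0/16 via 192.168.1.2) for contrast.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 209.165.201.1
route outside 0.0.0.0 0.0.0.0 209.165.201.2 tunneled
route inside 10.1.0.0 255.255.0.0 192.168.1.2
"""

def parse_routes(config):
    """Parse 'route <if> <net> <mask> <gw> [tunneled]' lines into dicts."""
    routes = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "route":
            continue
        routes.append({
            "ifc": tok[1],
            "net": ipaddress.ip_network(f"{tok[2]}/{tok[3]}"),
            "gw": tok[4],
            "tunneled": "tunneled" in tok[5:],
        })
    return routes

def lint(routes):
    """Flag more than one tunneled default route (no equal-cost support)."""
    tunneled = [r for r in routes if r["tunneled"]]
    problems = []
    if len(tunneled) > 1:
        problems.append("multiple tunneled default routes")
    problems += [f"tunneled on non-default route {r['net']}"
                 for r in tunneled if r["net"].prefixlen != 0]
    return problems

def next_hop(routes, dst, encrypted):
    """Longest-prefix match on static routes; defaults split by traffic type."""
    dst = ipaddress.ip_address(dst)
    specific = [r for r in routes
                if r["net"].prefixlen > 0 and not r["tunneled"] and dst in r["net"]]
    if specific:
        return max(specific, key=lambda r: r["net"].prefixlen)["gw"]
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    # Assumption of this model: with no tunneled default, use the standard one.
    preferred = [r for r in defaults if r["tunneled"] == encrypted] or \
                [r for r in defaults if not r["tunneled"]]
    return preferred[0]["gw"] if preferred else None
```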
Figure 6-8 shows an example of configuring a static route and a default route. A default route is configured to send all
traffic to the upstream device on the outside interface. Network A and Network B are nonconnected networks;
hence, two static routes are created that send traffic destined for Network A (172.