Starting from image 7.4.x.x, we can point traffic towards a VPN tunnel. A branch office Mobility Access Switch has a VPN tunnel that terminates on a firewall. Any non-corporate client traffic from the Mobility Access Switch is forwarded to the firewall through the VPN tunnel. This requires a default gateway route on the Mobility Access Switch pointing to the VPN tunnel.
Environment: Remote Networking
A branch office Mobility Access Switch has a VPN tunnel towards the corporate network.
Configuring Default Route to VPN:
You can use the following commands to configure the default route to a VPN tunnel:
(host) (config) #crypto-local ipsec-map <map-name> <map-number>
(host) (config-ipsec-map) #dst-net 0.0.0.0 0.0.0.0
Sample Configuration:
(host) (config) #crypto-local ipsec-map map-firewall 10
(host) (config-ipsec-map) # peer-ip 20.1.1.2
(host) (config-ipsec-map) # local-fqdn test.arubanetworks.com
(host) (config-ipsec-map) # interface vlan 2
(host) (config-ipsec-map) # src-net 4.1.1.0 255.255.255.255
(host) (config-ipsec-map) # dst-net 0.0.0.0 0.0.0.0
Verifying Default Route Configuration:
Use the following command to verify the default route to VPN configuration:
(host) #show ip route
Codes: C - connected
O - OSPF, O(IA) - OSPF inter area
O(E1) - OSPF external type 1, O(E2) - OSPF external type 2
O(N1) - OSPF NSSA type 1, O(N2) - OSPF NSSA type 2
M - mgmt, S - static, * - candidate default
D - DHCP
C 0.0.0.0 /0 [1] is an ipsec map: map-firewall
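The verification step above can be scripted so that a default route leaving the branch outside the tunnel is caught after a change. The following Python is an added example, not Aruba's code: it cross-checks captured configuration text against captured "show ip route" output, using the line formats shown on this page. The function names and the next-hop route line are assumptions made for illustration.

```python
import re

MAP_HEADER = re.compile(r"crypto-local ipsec-map\s+(\S+)\s+\d+")
DST_NET = re.compile(r"dst-net\s+(\S+)\s+(\S+)")
# Any default-route line, and the tunnel form shown in the output above.
ANY_DEFAULT = re.compile(r"^\s*\S+\s+0\.0\.0\.0\s*/0\b")
VIA_MAP = re.compile(r"^\s*\S+\s+0\.0\.0\.0\s*/0\s+\[\d+\]\s+is an ipsec map:\s*(\S+)\s*$")

# Sample input: lines from the page's sample configuration and route output.
SAMPLE_CONFIG = """\
(host) (config) #crypto-local ipsec-map map-firewall 10
(host) (config-ipsec-map) # peer-ip 20.1.1.2
(host) (config-ipsec-map) # dst-net 0.0.0.0 0.0.0.0
"""
SAMPLE_ROUTES = "C 0.0.0.0 /0 [1] is an ipsec map: map-firewall\n"
# Constructed line (assumed format, not real switch output): default via a next hop.
LEAKY_ROUTES = "S 0.0.0.0 /0 [1] via 192.0.2.1\n"


def maps_with_default_dst(config_text):
    """Names of ipsec maps whose dst-net is 0.0.0.0 0.0.0.0."""
    names, current = [], None
    for line in config_text.splitlines():
        header = MAP_HEADER.search(line)
        if header:
            current = header.group(1)
            continue
        dst = DST_NET.search(line)
        if dst and current and dst.groups() == ("0.0.0.0", "0.0.0.0"):
            names.append(current)
    return names


def check_default_route(config_text, route_output):
    """Return (ok, reason): ok only if every default route uses a configured map."""
    expected = maps_with_default_dst(config_text)
    if not expected:
        return False, "no ipsec-map has dst-net 0.0.0.0 0.0.0.0"
    defaults = [l for l in route_output.splitlines() if ANY_DEFAULT.match(l)]
    if not defaults:
        return False, "no default route installed"
    for line in defaults:
        via = VIA_MAP.match(line)
        if not via:
            return False, "default route bypasses the tunnel: " + line.strip()
        if via.group(1) not in expected:
            return False, "default route uses unexpected map " + via.group(1)
    return True, "default route via " + ", ".join(expected)
```

Calling check_default_route(SAMPLE_CONFIG, SAMPLE_ROUTES) returns a passing result, while the constructed LEAKY_ROUTES input is reported as bypassing the tunnel.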