03-23-2010 01:51 PM - edited 03-11-2019 10:25 AM
Removed
Solved! Go to Solution.
03-24-2010 05:03 AM
For your router LAN to be able to route Internet traffic to the VPN tunnel towards the ASA, the crypto ACL needs to be:
On router: 10.14.0.0 0.0.255.255 any
On ASA: any 10.14.0.0 255.255.0.0
On ASA, if you are routing the internet traffic out the outside interface of the ASA, you would need to configure the following:
same-security-traffic permit intra-interface
And because the router LAN 10.14.0.0/16 is private ip address, before being routed towards the Internet on the ASA end, it needs to be PATed to public IP, hence you need to configure:
nat (outside) x 10.14.0.0 255.255.0.0
global (outside) x a.b.c.d
OR/ you can use existing global sequence for example:
nat (outside) 10 10.14.0.0 255.255.0.0
which will use the corresponding global address of 12.69.103.129
Hope that helps.
03-24-2010 05:03 AM
For your router LAN to be able to route Internet traffic to the VPN tunnel towards the ASA, the crypto ACL needs to be:
On router: 10.14.0.0 0.0.255.255 any
On ASA: any 10.14.0.0 255.255.0.0
On ASA, if you are routing the internet traffic out the outside interface of the ASA, you would need to configure the following:
same-security-traffic permit intra-interface
And because the router LAN 10.14.0.0/16 is private ip address, before being routed towards the Internet on the ASA end, it needs to be PATed to public IP, hence you need to configure:
nat (outside) x 10.14.0.0 255.255.0.0
global (outside) x a.b.c.d
OR/ you can use existing global sequence for example:
nat (outside) 10 10.14.0.0 255.255.0.0
which will use the corresponding global address of 12.69.103.129
Hope that helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: