Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1344
Views
0
Helpful
2
Replies

Site To Site HO Gateway

Salman.Baig
Level 1
Level 1

‎09-25-2020 02:28 AM

i have to same model firewalls i configure site to site IPsec vpn its working fine both sides LAN network accessible everything working fine. i want to all my branch internet traffic going to HO Firewall Gateway branch isp did not  use for internet traffic means my branch user internet traffic going out HO Firewall.is it possible is yes please help.

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎09-25-2020 02:48 AM

Hi @Salman.Baig 

You need to amend your crypto map ACL that defines interesting traffic to include the networks 0.0.0.0/0.0.0.0.

On the HO ASA you will need to include the command same-security-traffic permit intra-interface and create a NAT rule to NAT the Branch traffic behind the HO office ASA outside interface.

 

HTH

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎09-25-2020 04:16 AM

Branch router point all traffic towards Tunnel interface towards HO

on HO maksure you allow the ACL and NAT available for this subnet to use internet.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card