02-04-2009 04:28 PM
I have a single ASA at a site that now has a second site connected over the internet. They want to tunnel all traffic from the remote site in through a VPN, including traffic destined for the internet. Basically we want all traffic from the hub site tunneled in and also utilize the internet connection from the central site with the ASA.
Will the ASA allow us to do this?
02-04-2009 05:20 PM
Yes, ASA will allow you to do that as long as the ASA is the "hub" and you have the proper configuration in place. You need to adapt your interesting traffic to match the internet traffic: "any" will be used as the destination on your remote office and "any" will be used as your local network on your corporate office. You need to NAT this remote network too, and you will use the same-security traffic intra-interface command.
10-21-2009 10:53 AM
I would really appreciate it if you could please help me with this. I am looking for a site-to-site VPN deployment on a stick. "On a stick" means the VPN terminates on the outside interface of my main firewall, and for some internet destination IPs the traffic goes out from the same interface.
I got the document for Easy VPN, but I am looking for site-to-site VPN.
I have enabled same security traffic and global (outside) 1 interface
nat (outside) 1 192.168.10.0 255.255.255.0
as well,
but it is not helpful, as 192.168.10.0 is my remote site machines and I need to PAT them in order to send them to the internet.
One more thing: I don't want all traffic coming from the tunnel to go to the internet. Apart from some destination IPs, the rest is required on my inside LAN.
10-27-2009 10:45 AM
Hi, so if I get this correctly you need to have hairpinning, or ipsec on a stick but for a VPN L2L connection, and what you added, based on the ezvpn config, is not working?
global (outside) 1 interface
nat (outside) 1 192.168.10.0 255.255.255.0
And you have the same security settings, yet your LAN-to-LAN traffic is not being sent out to the internet using your main ASA?
For instance, make sure the nat you have defined has the "outside" keyword, since this is required. As well, how is your LAN-to-LAN set up, meaning the crypto ACL: does it have specific-to-specific networks or specific-to-global network?
10-28-2009 02:39 AM
Thanks imartino, I have fixed it; there was one mistake in the crypto ACL. Thanks a lot.
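
The hairpin setup discussed in this thread, written out as an added example that is not part of any poster's reply or of Cisco's documentation. It uses the pre-8.3 ASA NAT syntax seen in the thread and the tunnel-all case from the first answer; the ACL names, the crypto map name and the hub LAN 192.168.1.0/24 are assumptions, and the rest of the crypto map (peer, transform set) is assumed to be configured already.

```cisco
! ---------- Hub ASA (central site, provides the internet connection) ----------
! Allow traffic to enter and leave the same interface (tunnel in, internet out)
same-security-traffic permit intra-interface

! PAT the remote LAN to the hub's outside address when it heads to the internet
global (outside) 1 interface
nat (outside) 1 192.168.10.0 255.255.255.0

! Crypto ACL on the hub: "any" is the local side, the remote LAN is the destination
access-list L2L_TO_SPOKE extended permit ip any 192.168.10.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_TO_SPOKE

! Keep hub-LAN-to-remote-LAN traffic out of NAT (hub LAN is an assumed value)
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

! ---------- Remote ASA (spoke) ----------
! Crypto ACL on the spoke: exact mirror of the hub entry, "any" as destination
access-list L2L_TO_HUB extended permit ip 192.168.10.0 255.255.255.0 any
crypto map OUTSIDE_MAP 10 match address L2L_TO_HUB

! Do not NAT locally; the hub performs the PAT after decryption
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 any
nat (inside) 0 access-list NONAT
```

The two crypto ACLs must be mirror images of each other. To send only selected internet destinations through the tunnel, as the second poster wanted, replace "any" with those destinations plus the hub LAN in both crypto ACLs, keeping them mirrored.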