external access through site to site ipsec tunnel

hansspark
Level 1

Hi all,

I configured a site-to-site IPsec VPN between a Cisco ASA5510 router (site1) and a SonicWall router (site2). I can access both LAN subnets.

But what I need is to route traffic from site2 to a particular public IP into the IPsec tunnel and then to the internet through the Cisco router.

I updated the IPsec policy on the SonicWall so that traffic to that IP is routed to IPsec and all other traffic goes through the default gateway (SonicWall).

I then monitored the packets on the Cisco ASA5510 router with ASDM and found that the packets destined to that particular IP are reaching the Cisco router.

But I still can't access that IP from site2. I think there must be some rules to allow that IP. I am also not sure whether it is possible to access the internet through an IPsec tunnel. I searched a lot and couldn't find any useful tips. I also don't want to pass all internet traffic to IPsec.

Thanks

Hans

Accepted Solutions

Jitendriya Athavale
Cisco Employee

This is somewhat similar; the only difference is that in the example below it is the VPN clients for which internet access needs to be provided, but in your case internet access is for a certain IP from a site-to-site tunnel.

You will be interested in the hairpinning section:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

To give a brief idea:

nat (outside) 1

global (outside) 1 interface

same-security-traffic permit intra-interface

Thanks a lot jathaval...

Actually I already had same-security-traffic permit intra-interface, but nat (outside) 1 did the magic.

Thanks Buddy..
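
The hairpin configuration outlined in the accepted answer, filled in for the site-to-site case, as an added example that is not part of the original thread or of Cisco's linked document. It assumes the pre-8.3 ASA syntax used above (nat/global); the names S2S_CRYPTO and OUTSIDE_MAP and all addresses (site1 LAN 192.168.10.0/24, site2 LAN 192.168.20.0/24, public destination 203.0.113.50) are constructed placeholders.

```cisco
! --- Added example, pre-8.3 ASA syntax. All names and addresses are
! --- constructed placeholders; substitute your own.

! Allow a packet to enter and leave the same interface (outside),
! which is what decrypted tunnel traffic bound for the internet does.
same-security-traffic permit intra-interface

! Crypto ACL on the ASA. It must mirror the SonicWall policy:
! line 1 is the existing LAN-to-LAN selector, line 2 covers return
! traffic from the single public host back to site2. Keeping line 2
! as "host" means only that one destination is carried in the tunnel,
! not all internet traffic.
access-list S2S_CRYPTO extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list S2S_CRYPTO extended permit ip host 203.0.113.50 192.168.20.0 255.255.255.0

! Assumed existing crypto map entry that references the ACL above.
crypto map OUTSIDE_MAP 10 match address S2S_CRYPTO

! PAT the site2 sources that arrive on outside (after decryption) to
! the outside interface address. Without this rule the packets leave
! with private source addresses and replies never return.
nat (outside) 1 192.168.20.0 255.255.255.0
global (outside) 1 interface
```

To verify, `show crypto ipsec sa` should list an SA whose local ident is the public host, and `show xlate` should show a site2 address translated to the outside interface address.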