forwarding through vpn

Javi Benito
Level 1

Hi,

The scenario is this:

                                                                                                 Proxy
                                                                                                   |
Remote LAN (10.10.30.0/24) ---- Cisco ASA (VPN) -------- WAN -------- Stonegate ------- HQ LAN (10.10.10.0/24)
                                                                                                   |
                                                                                                   |
                                                                                Cisco router (IPsec), not managed by me
                                                                                                   |
                                                                                        WAN2 (Supplier Network)

Hosts on the remote LAN access the Internet through the web proxy on the HQ LAN. Now I've configured the Cisco ASA to send Internet connections directly to the Internet without having to go through the HQ LAN.

The problem now is that one of our suppliers has a web page that can only be accessed through the IPsec site-to-site connection installed at HQ.

I would like to know how I can configure the Cisco ASA to forward web page connections from the Remote LAN to the supplier's Cisco IPsec line.

Best Regards,

Javi

2 Replies

Jennifer Halim
Cisco Employee

If you configure split tunnel for the remote VPN, you would need to include the supplier's LAN subnet (that is specified in the LAN-to-LAN tunnel between the supplier and your company) in the split tunnel access-list.

Secondly, in the LAN-to-LAN tunnel to the supplier, you would also have to add a crypto access-list line between the remote VPN subnet and the supplier LAN, and a mirror-image access-list on the supplier end of the VPN tunnel.

Lastly, if you are terminating the VPN tunnel of the supplier on the same ASA that terminates the remote VPN, then the traffic from the remote LAN towards the supplier would U-turn on the ASA outside interface, and you would need to add:

same-security-traffic permit intra-interface

Hope that helps.
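As an added example (not configuration from the original thread or from either participant), the three points above applied to the topology in the question: the remote-site ASA has a LAN-to-LAN tunnel to HQ (assumed to terminate on the Stonegate), and the supplier tunnel terminates on the supplier's own router. Assumed placeholders: the supplier web server is 192.0.2.10, the ASA interfaces are named inside and outside, the existing crypto map entry for the HQ peer is OUTSIDE_MAP sequence 10, and the ASA runs 8.3 or later (object-based NAT syntax). Only the match address line of the crypto map is shown; the peer and transform set are assumed to be already present in that entry.

```cisco
! Added example, not configuration from the original thread.
! Assumptions: ASA 8.3+ syntax; interfaces named inside/outside; the existing
! LAN-to-LAN crypto map entry to HQ is "OUTSIDE_MAP 10"; the supplier web
! server is 192.0.2.10 (placeholder, replace with the real address(es)).

object network REMOTE_LAN
 subnet 10.10.30.0 255.255.255.0
object network HQ_LAN
 subnet 10.10.10.0 255.255.255.0
object network SUPPLIER_WEB
 host 192.0.2.10

! 1. Interesting traffic for the HQ tunnel (the "split tunnel" list).
!    Before: only HQ LAN, so the supplier server, like any other Internet
!    destination, is sent straight out of the ASA and never reaches HQ.
!    After: the supplier server is added, so it is encrypted towards HQ,
!    where the Stonegate route hands it to the supplier's IPsec router.
access-list L2L_HQ extended permit ip object REMOTE_LAN object HQ_LAN
access-list L2L_HQ extended permit ip object REMOTE_LAN object SUPPLIER_WEB

! 2. NAT exemption: tunnel traffic must keep its 10.10.30.x source address.
!    If the supplier flow were PATed to the outside address it would not match
!    the crypto ACL and would leave in the clear. Manual (twice) NAT sits in
!    NAT section 1, ahead of the object NAT PAT rule used for direct Internet
!    access, so these identity rules are evaluated first.
nat (inside,outside) source static REMOTE_LAN REMOTE_LAN destination static HQ_LAN HQ_LAN
nat (inside,outside) source static REMOTE_LAN REMOTE_LAN destination static SUPPLIER_WEB SUPPLIER_WEB

! 3. Bind the ACL to the existing crypto map entry (peer and transform set
!    stay as already configured).
crypto map OUTSIDE_MAP 10 match address L2L_HQ

! 4. Not needed in this topology: the supplier tunnel does not terminate on
!    this ASA, so nothing U-turns on the outside interface. Only add this if
!    the supplier tunnel is ever moved onto the same ASA.
! same-security-traffic permit intra-interface

! Verification: the trace should end in the VPN phase (encrypted towards the
! HQ peer) rather than in a NAT rule pointing at the Internet.
packet-tracer input inside tcp 10.10.30.50 40000 192.0.2.10 443
show crypto ipsec sa | include 192.0.2.10
```

The ASA side alone is not sufficient. The HQ Stonegate must permit 10.10.30.0/24 to the supplier server and route it to the IPsec router (the route already mentioned in the question), and the supplier's router, which the asker does not manage, needs the mirror-image crypto access-list entry for 10.10.30.0/24 to its web server; without that last entry the router will drop or bypass the traffic even though the remote LAN now reaches HQ correctly.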

Hi,

"Secondly, in the LAN-to-LAN tunnel to the supplier, you would also have to add a crypto access-list line between the remote VPN subnet and the supplier LAN, and a mirror-image access-list on the supplier end of the VPN tunnel."

The VPN is configured on the supplier's Cisco router. I have only configured a routing table entry in the Stonegate firewall with the IP addresses of the supplier's web server, to send these connections to this router.

"Lastly, if you are terminating the VPN tunnel of the supplier on the same ASA that terminates the remote VPN, then the traffic from the remote LAN towards the supplier would U-turn on the ASA outside interface, and you would need to add:

same-security-traffic permit intra-interface"

The tunnel terminates on the supplier's Cisco router.

Thanks in advance.