07-18-2008 04:49 AM - edited 02-21-2020 03:50 PM
Hi,
We have one central site and six branch offices.
I can easily configure site-to-site VPN tunnel between HQ and all branches, using split-tunneling, so only LAN-to-LAN connection goes over VPN tunnel.
Now we want to centralized all traffic, including Internet-destined, so all branches will go to internet over our HQ internet links.
At HQ site we have ASA 5510 (which is terminating point for VPN connections), and want to monitor all traffic, using either Websense or CSC module for ASA.
The question is: How to configure this? :)
Best Regards
Branko
Solved! Go to Solution.
07-18-2008 04:55 AM
disable split tunneling and in your crypto acl's use a permit ip x.x.x.x x.x.x.x any statement on the remote.
at hq, the crypto acl will be permit ip any x.x.x.x x.x.x.x.
at HQ, enable the same security permit intra interface feature.
07-18-2008 04:55 AM
disable split tunneling and in your crypto acl's use a permit ip x.x.x.x x.x.x.x any statement on the remote.
at hq, the crypto acl will be permit ip any x.x.x.x x.x.x.x.
at HQ, enable the same security permit intra interface feature.
07-22-2008 12:58 AM
Finally, I tried your sugestion, and with a little configuration changes on ASA (I had already enabled same security feature) it's working now.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide