How to route specific internet traffic through a site-to-site vpn

peter · ‎08-09-2017

Hi

There is a site-to-site vpn between site A & B and they can both access each others inside networks.
However the "Internet Cloude service" (170.16.0.10) only allowes traffic from site A's IP (100.0.0.10) but site B (200.0.0.10) also need to acces it.

So my question is, how do I send traffic to 170.16.0.10 from site B through the site-to-site tunnel to site A, and have site A forward the traffic to 170.16.0.10?

Site A (ASA-5506):
outside IP 100.0.0.10/24
inside IP 192.168.0.1/24

Site B (ASA-5505):
outside IP 200.0.0.10/24
inside IP 192.168.10.1/24

Internet Cloude service:
IP 170.16.0.10

Regards

Peter

Rahul Govindan · ‎08-09-2017

Gist of the changes -

On Site B:

Nat exemption between local network and 170.16.0.10

Add 170.16.0.10 as remote network/proxy on crypto ACL

On site A:

Nat rule between outside and outside interface which does a PAT translation for Site B network when accessing 170.16.0.10.

Add 170.16.0.10 as local network/proxy on the crypto ACL.

Enable "same-security traffic permit intra-interface"