Site to Site VPN (Full Tunnel)

Kanes Ramasamy
Level 1

Hi All,

 

I need some help with configuring VPN. 

The current VPN configuration works fine without any issues, however, we would like to route all traffic from SITE A to HQ via Site to Site VPN (including Internet traffic). 

My proposed configuration would be as below; please advise if this will be sufficient for me to route all traffic via the VPN tunnel, or am I missing something.

 

HQ:

====

Config t

access-list ACL_TEST extended permit ip any object TEST_LAN  

 

NAT:

=====

object network TEST_LAN

nat (outside,outside) dynamic interface    // This will access to Internet//

 

REMOTE:

=======

 

Config t

object-group network TEST_Network 

network-object 172.20.67.0 255.255.255.128

network-object 172.20.68.0 255.255.255.0

network-object 172.20.67.248 255.255.255.248

 

object-group network HQ_Network

network-object 0.0.0.0 0.0.0.0 ( I am not sure if this will work)

 

ACL for VPN traffic:

================

access-list VPN_TRAFFIC extended permit ip object TEST_Network  any

 

NAT:

===

nat (inside,outside) 1 source static TEST_Network  TEST_Network  destination HQ_Network HQ_Network

 

Please assist and thanks in advance for your assistance. 

 

Regards,

 

Kanes.R

 

2 Replies

GioGonza
Level 4

Hello @Kanes Ramasamy

 

Based on your configuration, everything seems to be OK. You shouldn't have any problem with the traffic; apply the commands and let me know how it goes.

 

HTH

Gio

I know this is an old post but I would like some clarification on this part:

 

HQ:

====

Config t

access-list ACL_TEST extended permit ip any object TEST_LAN  

 

NAT:

=====

object network TEST_LAN

nat (outside,outside) dynamic interface    // This will access to Internet//

 

Is the object "Test_Lan" the local or remote LAN?
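
An added example, not part of any post in this thread: a Python check that the VPN ACLs on the two peers are mirror images of each other, which policy-based IPsec peers need in order to agree on what to encrypt. The thread never shows a subnet for TEST_LAN, so the 172.20.68.0/24 value is an assumption, as is treating ACL_TEST and VPN_TRAFFIC as the two crypto ACLs; the function names are hypothetical.

```python
import ipaddress
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample configs. The TEST_LAN subnet is an assumption (not in the thread).
HQ = """
object network TEST_LAN
 subnet 172.20.68.0 255.255.255.0
access-list ACL_TEST extended permit ip any object TEST_LAN
"""
REMOTE = """
object-group network TEST_Network
 network-object 172.20.67.0 255.255.255.128
 network-object 172.20.68.0 255.255.255.0
 network-object 172.20.67.248 255.255.255.248
access-list VPN_TRAFFIC extended permit ip object-group TEST_Network any
"""

def parse_objects(config):
    """Map each network object / object-group name to its set of subnets."""
    objects, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] in (["object", "network"], ["object-group", "network"]):
            current = objects.setdefault(tok[2], set())
        elif tok[:1] in (["subnet"], ["network-object"]) and current is not None:
            current.add(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
    return objects

def operand(tok, i, objects):
    """Resolve one ACL address operand; return (networks, index of next token)."""
    if tok[i] == "any":
        return {ANY}, i + 1
    if tok[i] in ("object", "object-group"):
        return objects[tok[i + 1]], i + 2
    raise ValueError(f"unsupported operand: {tok[i]}")

def crypto_pairs(config, acl):
    """Expand 'access-list <acl> extended permit ip SRC DST' into (src, dst) pairs."""
    objects, pairs = parse_objects(config), set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] == ["access-list", acl, "extended", "permit", "ip"]:
            src, i = operand(tok, 5, objects)
            dst, _ = operand(tok, i, objects)
            pairs |= {(s, d) for s in src for d in dst}
    return pairs

def unmirrored(local, remote):
    """Pairs in `local` that have no reversed (dst, src) entry in `remote`."""
    return {(s, d) for s, d in local if (d, s) not in remote}
```

Calling `unmirrored(crypto_pairs(REMOTE, "VPN_TRAFFIC"), crypto_pairs(HQ, "ACL_TEST"))` on the sample returns the remote subnets that the HQ ACL does not cover; an empty set in both directions means the two ACLs mirror each other.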