routing internet traffic through ASA site-site tunnel

Unanswered Question
Feb 22nd, 2007

I have a site-to-site VPN tunnel between an ASA 5510 and a SonicWall. Can I route all internet traffic from the SonicWall through the ASA? What configuration needs to be done on the ASA?

guru.pai.ccna Thu, 02/22/2007 - 13:52

Sir, unfortunately I am not able to access that link.

I am being prompted for a CCO username and password. Though I am typing my normal CCO credentials, I am getting an error.

mrinmoy.m Sat, 02/24/2007 - 19:17

Try this configuration:

# Command that permits IPsec traffic to enter and exit the same interface.

same-security-traffic permit intra-interface

# The address pool for the VPN Clients.

ip local pool vpnpool x.x.x.x - x.x.x.x


# The global address for Internet access used by VPN Clients.

# Apply an address from your public range provided by your ISP.

global (outside) 1 x.x.x.x

# The NAT statement to define what to encrypt (the addresses from the vpn-pool).

nat (outside) 1 x.x.x.x

nat (inside) 1

# The configuration of group-policy for VPN Clients.

group-policy clientgroup internal

group-policy clientgroup attributes

vpn-idle-timeout 20

# Forces VPN Clients over the tunnel for Internet access.

split-tunnel-policy tunnelall

# Configuration of IPsec Phase 2.

crypto ipsec transform-set myset esp-3des esp-sha-hmac

# Crypto map configuration for VPN Clients that connect to this PIX.

crypto dynamic-map rtpdynmap 20 set transform-set myset

# Binds the dynamic map to the crypto map process.

crypto map mymap 20 ipsec-isakmp dynamic rtpdynmap

# Crypto map applied to the outside interface.

crypto map mymap interface outside

# Enable ISAKMP on the outside interface.

isakmp identity address

isakmp enable outside

# Configuration of ISAKMP policy.

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0

# Configuration of tunnel-group with group information for VPN Clients.

tunnel-group rtptacvpn type ipsec-ra

# Configuration of group parameters for the VPN Clients.

tunnel-group rtptacvpn general-attributes

address-pool vpnpool

# Disable user authentication.

authentication-server-group none

authorization-server-group LOCAL

# Bind group-policy parameters to the tunnel-group for VPN Clients.

default-group-policy clientgroup

tunnel-group rtptacvpn ipsec-attributes

pre-shared-key *
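
An added example, not part of the thread: a small Python check that a saved configuration contains the three pieces the posted commands rely on to send tunnelled clients' Internet traffic back out the outside interface (intra-interface permit, a `nat (outside)` id with a matching `global (outside)`, and no group policy that overrides `tunnelall`). The function names and the sample addresses are assumptions made for illustration, and the parser assumes `show running-config` layout with sub-commands indented.

```python
import re

# Constructed sample; addresses are documentation-range placeholders, not from the thread.
SAMPLE = """\
same-security-traffic permit intra-interface
global (outside) 1 198.51.100.5
nat (outside) 1 192.0.2.0 255.255.255.0
group-policy clientgroup attributes
 split-tunnel-policy tunnelall
tunnel-group rtptacvpn general-attributes
 default-group-policy clientgroup
"""

def parse_sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections

def nat_ids(sections, keyword):
    """NAT ids used by `nat (outside) N ...` or `global (outside) N ...`."""
    pat = re.compile(rf"{keyword} \(outside\) (\d+) \S")
    return {m.group(1) for cmd in sections if (m := pat.match(cmd))}

def check_hairpin(config):
    """Return the hairpin prerequisites that the configuration lacks."""
    sections = parse_sections(config)
    problems = []
    if "same-security-traffic permit intra-interface" not in sections:
        problems.append("intra-interface traffic not permitted")
    if not nat_ids(sections, "nat") & nat_ids(sections, "global"):
        problems.append("no nat (outside) id with a matching global (outside)")
    for head, body in sections.items():
        m = re.match(r"tunnel-group (\S+) general-attributes$", head)
        policy = next((b.split()[1] for b in body if b.startswith("default-group-policy ")), None)
        if not m or policy is None:
            continue
        # An absent split-tunnel-policy is inherited, so only explicit values are flagged.
        for attr in sections.get(f"group-policy {policy} attributes", []):
            if attr.startswith("split-tunnel-policy ") and attr != "split-tunnel-policy tunnelall":
                problems.append(f"{m.group(1)}: {attr} (not tunnelall)")
    return problems
```

`check_hairpin(SAMPLE)` returns an empty list; each missing piece adds one message naming it.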

