02-22-2007 08:06 AM
I have a site-to-site VPN tunnel between an ASA 5510 and a SonicWall. Can I route all internet traffic from the SonicWall through the ASA? What configuration needs to be done on the ASA?
02-22-2007 08:12 AM
Hi,
Yes, it is possible,
HTH,
Please rate if it helps.
Regards,
Kamal
02-22-2007 01:52 PM
Sir, unfortunately I am not able to access that link.
I am being prompted for a CCO username and password. Though I am typing my normal CCO credentials, I am getting an error.
02-24-2007 07:17 PM
Try this configuration:
# Command that permits IPsec traffic to enter and exit the same interface.
same-security-traffic permit intra-interface
# The address pool for the VPN Clients.
ip local pool vpnpool x.x.x.x - x.x.x.x
nat-control
# The global address for Internet access used by VPN Clients.
# Apply an address from your public range provided by your ISP.
global (outside) 1 x.x.x.x
# The NAT statement to define what to encrypt (the addresses from the vpn-pool).
nat (outside) 1 x.x.x.x 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
# The configuration of group-policy for VPN Clients.
group-policy clientgroup internal
group-policy clientgroup attributes
vpn-idle-timeout 20
# Forces VPN Clients over the tunnel for Internet access.
split-tunnel-policy tunnelall
# Configuration of IPsec Phase 2.
crypto ipsec transform-set myset esp-3des esp-sha-hmac
# Crypto map configuration for VPN Clients that connect to this PIX.
crypto dynamic-map rtpdynmap 20 set transform-set myset
# Binds the dynamic map to the crypto map process.
crypto map mymap 20 ipsec-isakmp dynamic rtpdynmap
# Crypto map applied to the outside interface.
crypto map mymap interface outside
# Enable ISAKMP on the outside interface.
isakmp identity address
isakmp enable outside
# Configuration of ISAKMP policy.
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
# Configuration of tunnel-group with group information for VPN Clients.
tunnel-group rtptacvpn type ipsec-ra
# Configuration of group parameters for the VPN Clients.
tunnel-group rtptacvpn general-attributes
address-pool vpnpool
# Disable user authentication.
authentication-server-group none
authorization-server-group LOCAL
# Bind group-policy parameters to the tunnel-group for VPN Clients.
default-group-policy clientgroup
tunnel-group rtptacvpn ipsec-attributes
pre-shared-key *
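
An added example, not part of the thread or of Cisco's documentation: a Python check that reads configuration lines like those posted above and reports the legacy IKE/IPsec choices (3DES, MD5, DH group 2) and the disabled user authentication. The deny-list, the `audit` function and the sample text are assumptions made for this example.

```python
import re

# Constructed sample: crypto and tunnel-group lines copied from the post above.
SAMPLE_CONFIG = """\
crypto ipsec transform-set myset esp-3des esp-sha-hmac
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
tunnel-group rtptacvpn general-attributes
authentication-server-group none
"""

# Assumption: an illustrative deny-list of legacy algorithms, not an official Cisco list.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
POLICY_RE = re.compile(r"^(?:crypto )?isakmp policy (\d+) (\w+) (\S+)")
TSET_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")

def audit(config):
    """Return (scope, finding) tuples, in config order, for legacy settings."""
    findings = []
    group = None  # tunnel-group whose attributes are currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # skip blanks and comment lines
        m = POLICY_RE.match(line)
        if m:
            num, attr, value = m.groups()
            if value in WEAK.get(attr, ()):
                findings.append((f"isakmp policy {num}", f"{attr} {value}"))
            continue
        m = TSET_RE.match(line)
        if m:
            name, transforms = m.group(1), m.group(2).split()
            findings += [(f"transform-set {name}", t) for t in transforms if t in WEAK_ESP]
            continue
        if line.startswith("tunnel-group "):
            group = line.split()[1]
        elif line == "authentication-server-group none":
            findings.append((f"tunnel-group {group}", "user authentication disabled"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```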