routing internet traffic through ASA site-site tunnel

guru.pai.ccna
Level 1

I have a site-to-site VPN tunnel between an ASA 5510 and a SonicWall. Can I route all internet traffic from the SonicWall through the ASA? What configuration needs to be done on the ASA?

3 Replies

Kamal Malhotra
Cisco Employee

Sir, unfortunately I am not able to access that link.

I am being prompted for a CCO username and password. Though I am typing my normal CCO credentials, I am getting an error.

Try out with this configuration:

```
! Command that permits IPsec traffic to enter and exit the same interface.
same-security-traffic permit intra-interface

! The address pool for the VPN Clients.
ip local pool vpnpool x.x.x.x-x.x.x.x

nat-control

! The global address for Internet access used by VPN Clients.
! Apply an address from your public range provided by your ISP.
global (outside) 1 x.x.x.x

! The NAT statement to define what to encrypt (the addresses from the vpn-pool).
nat (outside) 1 x.x.x.x 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0

! The configuration of group-policy for VPN Clients.
group-policy clientgroup internal
group-policy clientgroup attributes
 vpn-idle-timeout 20
 ! Forces VPN Clients over the tunnel for Internet access.
 split-tunnel-policy tunnelall

! Configuration of IPsec Phase 2.
crypto ipsec transform-set myset esp-3des esp-sha-hmac

! Crypto map configuration for VPN Clients that connect to this PIX.
crypto dynamic-map rtpdynmap 20 set transform-set myset

! Binds the dynamic map to the crypto map process.
crypto map mymap 20 ipsec-isakmp dynamic rtpdynmap

! Crypto map applied to the outside interface.
crypto map mymap interface outside

! Enable ISAKMP on the outside interface.
isakmp identity address
isakmp enable outside

! Configuration of ISAKMP policy.
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400

telnet timeout 5
ssh timeout 5
console timeout 0

! Configuration of tunnel-group with group information for VPN Clients.
tunnel-group rtptacvpn type ipsec-ra

! Configuration of group parameters for the VPN Clients.
tunnel-group rtptacvpn general-attributes
 address-pool vpnpool
 ! Disable user authentication.
 authentication-server-group none
 authorization-server-group LOCAL
 ! Bind group-policy parameters to the tunnel-group for VPN Clients.
 default-group-policy clientgroup

tunnel-group rtptacvpn ipsec-attributes
 pre-shared-key *
```
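
The Python script below is an added example, not part of the original reply or of any Cisco tooling: it scans an ASA configuration like the one posted above for IKE/IPsec settings commonly treated as weak (DES/3DES, MD5, DH groups 1, 2 and 5) and for tunnel-groups with user authentication disabled. The weak-value lists and the function name `audit_asa_config` are assumptions made for this example, and the sample input is constructed from lines in the post.

```python
import re

# Editor's assumption: values treated as weak (DES/3DES, MD5, DH groups 1, 2, 5).
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
POLICY_RE = re.compile(r"^(?:crypto )?isakmp policy (\d+) (\w+) (\S+)")
TRANSFORM_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")


def audit_asa_config(text):
    """Return a sorted list of (item, finding) tuples for weak VPN settings."""
    findings = set()
    group = None  # name of the tunnel-group whose sub-commands we are in
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "#")):
            continue  # skip blank lines and comments
        if line.startswith("tunnel-group "):
            group = line.split()[1]
        m = POLICY_RE.match(line)
        if m and m.group(3).lower() in WEAK.get(m.group(2), ()):
            findings.add((f"isakmp policy {m.group(1)}",
                          f"weak {m.group(2)} {m.group(3)}"))
        m = TRANSFORM_RE.match(line)
        if m:
            for transform in m.group(2).split():
                if transform in WEAK_TRANSFORMS:
                    findings.add((f"transform-set {m.group(1)}",
                                  f"weak transform {transform}"))
        if line == "authentication-server-group none":
            findings.add((f"tunnel-group {group}", "user authentication disabled"))
    return sorted(findings)


# Constructed sample: a subset of the configuration lines posted above.
SAMPLE = """\
crypto ipsec transform-set myset esp-3des esp-sha-hmac
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 65535 hash sha
tunnel-group rtptacvpn general-attributes
 authentication-server-group none
"""

if __name__ == "__main__":
    for item, finding in audit_asa_config(SAMPLE):
        print(f"{item}: {finding}")
```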