
internet traffic through site-to-site vpn

rtmnl4300
Level 1

Hi,

I have a site-to-site VPN (office A & office B) setup. The VPN tunnel is running fine. What I want to achieve now is to have all the internet traffic pass through the tunnel from office B to A. So office B will be my gateway for all the traffic. So if I am in office A I can internet through office B via the VPN.

Do you have any ideas or configuration examples to do this?

9 Replies

Kamal Malhotra
Cisco Employee

Hi,

This is possible depending on the topology and the hardware/software of the tunnel endpoints (device A and B). So please let us know what hardware and software is being used for tunnel termination on each end, especially on Site A, so that we can suggest you something.

Regards,

Kamal

Hi,

I forgot to mention that I am using 2 pix 506 with 6.3 (5) software on each site.

Here is also the config of office A

here is it.

Sorry, not gonna happen with 6. Here is what you would have done if you had 7.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

ok, so software 6 will not help me with this, I need to upgrade to software 7, right?

can the 506 series take software 7?

or my other option is to use the vpn client, and do split tunneling? from office A

The PIX 501, PIX 506/506E, and PIX 520 security appliances are not supported in software Version 7.0.

Second part of your question, what do you want to accomplish?

ok, so the only thing that I can do is to configure the remote access vpn on the 506 pix in office B. So the user will be able to internet with the VPN client. Is this possible with the VPN client ver.4.6 ?

They should be able to get to the internet with the tunnel in place. It just won't be bouncing off the head end pix.

Hi,

You need to configure a regular LAN to LAN tunnel. You will not be able to redirect the internet traffic from a PIX 506 running 6.3.5. However if you have a proxy server behind the PIX B then you will be able to redirect it from the proxy server. Please be informed that it will be the HTTP traffic only in that case. If this is how you wanna go about it then you need to configure destination 'any' in the PIX A's crypto ACL and 'any' as source in the PIX B's crypto ACL.

If you don't have the proxy server, then you need to define specific subnets in the crypto ACL on each end.

HTH,

Please rate if it helps.

Regards,

Kamal
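The reply above asks for destination 'any' in PIX A's crypto ACL and source 'any' in PIX B's, which means the two crypto ACLs have to be mirror images of each other. The following is an added example, not part of the thread and not Cisco code, that checks this over constructed PIX 6.3-style config text; the subnets, ACL number 110 and crypto map name vpnmap are assumptions, and only `permit ip` entries are parsed.

```python
# Added example: configs are constructed; subnets, ACL 110 and map name are assumptions.
PIX_A = """\
access-list 110 permit ip 192.168.1.0 255.255.255.0 any
crypto map vpnmap 10 match address 110
"""
PIX_B = """\
access-list 110 permit ip any 192.168.1.0 255.255.255.0
crypto map vpnmap 10 match address 110
"""
# PIX B with a specific source subnet: no longer the mirror of PIX A's 'any'.
PIX_B_SPECIFIC = """\
access-list 110 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map vpnmap 10 match address 110
"""

ANY = ("0.0.0.0", "0.0.0.0")


def _take_addr(tokens):
    """Consume one address spec from the token list: 'any', 'host A' or 'NET MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return (tokens.pop(0), "255.255.255.255")
    return (head, tokens.pop(0))


def crypto_acl(config):
    """Return (src, dst) pairs of the ACL named by 'crypto map ... match address'."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    bound = {t[-1] for t in lines
             if t[:2] == ["crypto", "map"] and t[-3:-1] == ["match", "address"]}
    entries = []
    for t in lines:
        if len(t) > 5 and t[0] == "access-list" and t[1] in bound \
                and t[2:4] == ["permit", "ip"]:
            rest = t[4:]
            src = _take_addr(rest)   # source comes first in the entry
            dst = _take_addr(rest)   # destination follows
            entries.append((src, dst))
    return entries


def is_mirror(cfg_a, cfg_b):
    """True when every crypto ACL entry on A has its src/dst swapped on B and vice versa."""
    a = set(crypto_acl(cfg_a))
    b_swapped = {(dst, src) for src, dst in crypto_acl(cfg_b)}
    return bool(a) and a == b_swapped
```
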
