L2L setup with internet access

rhltechie
Level 1

Hi All,

I have set up an L2L VPN between my host site and a small two-person office using my ASA 5510 and a little Netgear VPN router. I wish for the users to have to come to the head office for internet. I can access all the resources and such, but the internet is not working from the site. I have made sure I have the same-security-traffic permit intra-interface command on my ASA. Maybe I am missing a route? Can someone point me in the right direction?

TIA,

R


acomiskey
Level 10

Here ya go...this document is for vpn client but is same for l2l. It is called public internet on a stick.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Thank you for your response. I think I may have an issue with this.

If I apply the command:

split-tunnel-policy tunnelall

How will this affect my normal VPN clients, who do in fact use split tunneling to access the internet via their local gateway? I already have the following in my config:

split-tunnel-policy tunnelspecified

Will this negatively affect my current setup?

thanks

You should be able to create a separate group policy, apply that group policy to the l2l tunnel group and configure tunnelall in that group policy only. Make sense? Most likely your remote access vpn clients are on a different policy than your l2l tunnel anyway.

Actually, my mistake: since the document is for remote access VPN, it uses split tunnel policy. But since you have an L2L tunnel, you will not have to worry about split tunnel policy; you will just have to make sure that all the traffic from the remote end goes over the tunnel :-)

Here are the important parts of the config...

same-security-traffic permit intra-interface

global (outside) 1 172.18.124.166

nat (outside) 1 192.168.10.0 255.255.255.0

Ah! I see now. Back to PIX basics... are you allowed to have more than one global statement?

Yes...

global (outside) 1 x.x.x.1

global (outside) 10 x.x.x.2

global (outside) 20 x.x.x.3

nat (inside) 1 192.168.1.0 255.255.255.0

nat (inside) 10 192.168.10.0 255.255.255.0

nat (outside) 20 192.168.20.0 255.255.255.0

Thank you very much for your help!
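
The following Python check is an added example, not part of the original thread or of Cisco's documentation. It reads a pre-8.3 ASA configuration and verifies the three hairpin pieces posted above: the intra-interface permit, a nat (outside) rule for the remote subnet, and a global (outside) with the same NAT ID. The function name check_hairpin and the BROKEN configuration are constructed for illustration.

```python
import re

# Pre-8.3 ASA/PIX syntax, as used in the thread:
#   nat (real_ifc) id network mask    /    global (mapped_ifc) id address
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
INTRA = "same-security-traffic permit intra-interface"

def check_hairpin(config, remote_net, ifc="outside"):
    """Return findings; an empty list means the hairpin prerequisites exist."""
    intra, nat_ids, global_ids = False, set(), set()
    for line in (l.strip() for l in config.splitlines()):
        if line == INTRA:
            intra = True
        elif m := NAT_RE.match(line):
            # NAT ID 0 is exemption/identity NAT and needs no global statement.
            if m[1] == ifc and m[3] == remote_net and m[2] != "0":
                nat_ids.add(m[2])
        elif m := GLOBAL_RE.match(line):
            if m[1] == ifc:
                global_ids.add(m[2])
    findings = []
    if not intra:
        findings.append(f"missing '{INTRA}'")
    if not nat_ids:
        findings.append(f"no 'nat ({ifc})' rule for {remote_net}")
    elif not nat_ids & global_ids:
        ids = ", ".join(sorted(nat_ids))
        findings.append(f"nat id {ids} has no matching 'global ({ifc})'")
    return findings

# Configuration lines quoted from the thread.
FROM_THREAD = """
same-security-traffic permit intra-interface
global (outside) 1 172.18.124.166
nat (outside) 1 192.168.10.0 255.255.255.0
"""

# Constructed broken variant: no intra-interface permit, mismatched NAT IDs.
BROKEN = """
global (outside) 1 172.18.124.166
nat (outside) 10 192.168.10.0 255.255.255.0
"""

if __name__ == "__main__":
    for name, cfg in (("thread", FROM_THREAD), ("broken", BROKEN)):
        print(name, check_hairpin(cfg, "192.168.10.0") or "ok")
```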
