Internet through VPN

batumibatumi · ‎05-13-2008

Friends,

i have 2 Cisco ASA FW. First one is ASA 5520 and second 5505. they are connected with eachouther via VPN and work OK. ASA 5520 is main and its inside users could reach the Internet. my task is that users of ASA 5505 could to reach internet via VPN. i mean ASA 5505 user have access in internet via VPN.... plz, help me

acomiskey · ‎05-13-2008

5520-

same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

access-list extended permit ip any

access-list extended permit ip

nat (inside) 0 access-list

crypto map # match address

5505

access-list extended permit ip any

nat (inside) 0 access-list

crypto map # match address

batumibatumi · ‎05-13-2008

Thank you... :)))

I'm ysing ASDM for configuring VPN connections between ASA's... Do U know book or artical for ASDM in this situatoin... Can U help me.

kevin.corace · ‎05-14-2008

Have you considered EZVPN with no split tunneling? 5520 as the EZVPN Server and 5505 as the EZVPN client. Then you can tunnel all through the 5520 including outbound traffic.

You will also need your NAT statement for the 5505 internal subnet and on the 5520 "permit traffic intra interface".

batumibatumi · ‎05-14-2008

Thanks for answering but it is not pritty clear for me :((( Do U know artical or book, how to permit internet via VPN ?! PLZ, help me ... :)))

batumibatumi · ‎05-14-2008

I'm making VPN site-to-site connection between ASA's with no problem (using ASDM)... But how reach to access Internet via VPN i still can not understand how to config it... ((( And i also could not to find any book or artical about this scenario... :((( its very important for me, hope somebudy'll give me a wise advice.

THX, in advance )))

batumibatumi · ‎05-15-2008

This days i have been searching book and article about how to reach inetrnet via VPN. Nowhere could find nothing intresting ... please, give me a advice how to resolve this problem...