09-04-2008 04:58 AM - edited 02-21-2020 02:59 AM
I have configured Site-Site VPN tunnel between 2 ASA 5505 firewalls (from corporate to branch office).I Can ping both networks. I Would like to route internet traffic through VPN from Branch office to Corporate and would like to pass the traffic through ISA. We have ISA cofigured parallel to ASA 5505 at corporate network. Is it possible?
09-04-2008 05:54 AM
Hello,
Yes it is possible. Can you ping your ISA server ? If yes , then you do not need to change anything on VPN devices. Just configure Internet browser for ISA server.It should work.
HTH
Saju
09-05-2008 01:31 AM
Thank you, but we would like to route all the traffic through VPN, is it possible?
09-05-2008 05:30 AM
Yes, just add all traffic to the interesting traffic and nat 0 acl. If x.x.x.x/24 is the network you wish to tunnel then...
access-list
access-list
This will force all traffic from your networks over the tunnel. You will also need to add the mirror of the first acl on the other end.
access-list
09-05-2008 06:07 AM
Thanks for the information all!
But, I forgot to add that I have the access list as well as the crypto maps defined. If I didn't have this, I could not set up the tunnel. Also, I could not ping my workstation from another workstation within the ASA network.
My only problem is that from the ASA CLI, I cannot tftp to my workstation within the fortigate network.
Other than that, communication between devices within both networks can communicate with one another through the tunnel.
So, is there a special command or configuration I need to have in order to tftp from the ASA to network device outside the ASA's network?
Thanks in advance again
09-05-2008 06:14 AM
Answered in your other post.
09-05-2008 06:14 AM
Hi All,
I just found it. In the configuration mode, you have to use the tftp-server command to configure an explicit device to tftp.
Thank you all for your advice!
09-07-2008 11:24 PM
Thanks, but is there any way to specify all the traffic through VPN, irespective of networks,as We do not want to specify the ISA as proxy in internet explorer in remote location
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide