No internet access thru site to site VPN tunnel on ASA

Unanswered Question
Oct 15th, 2008
User Badges:

We have a complicated set up of 4 ASA5505's that all have site to site tunnels to a 5th ASA5505 which is connected to our LAN. All the L2L tunnels are up and can access network resources, but none of them can access the internet. I want internet traffic to pass thru the vpn tunnel and return thru the tunnel. Can someone point me to an example of this setup?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Thu, 10/16/2008 - 05:00
User Badges:
  • Green, 3000 points or more

Sure, on the main site ASA, you can set something up like this....


same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

nat (outside) 1

etc...


You will also need to confirm that all traffic from the remote sites is traversing the tunnel. Something like....


Remote ASA

access-list crypto1 extended permit ip any

access-list inside_nat0_outbound extended permit ip any


Main ASA

access-list crypto1 extended permit ip any


Actions

This Discussion