IPSEC tunnel address spoofing errors

Nov 3rd, 2008

I have an ASA 5520 configured for IPSEC and I intend to tunnel all internet traffic through the tunnel to get (no split tunneling).

The ASA is sitting behind an external firewall and I had to do NAT translations for the outside interface.

My problem is this: Remote access VPN connection is fine and I can access all the resources on my remote network as well as all internal websites.

But I cannot access other internet traffic.

I had to enable same-security traffic on the outside interface because the firewall on the ASA sees the traffic as a loop and drops it.

But on the other hand, my external firewall sees the traffic as an IP spoof and drops it as well, because it sees the internet traffic request coming from its internal interfaces.

Any suggestions?

sp9348505 Mon, 11/03/2008 - 19:09

Tried that, it didn't work for me.

I believe what needs to be achieved is a sort of translation of the internet source address to appear as if coming from the HQ end of the IPSEC tunnel. I'm trying to access the internet through the perimeter firewall at HQ, but this same firewall sees the real source address of the HTTP request as that of the remote user despite tunneling all the traffic through the IPSEC tunnel.

Your feedback would be appreciated.

sp9348505 Tue, 11/04/2008 - 05:59

You rock!!!!!!

After a little tweaking, it worked like a charm...

Thanks!

Farrukh Haroon Tue, 11/04/2008 - 06:03

No problem buddy, glad to know it's working :)

Please rate if helpful.



