Internet via vpn link to the main office

Ivan Martinon Wed, 01/28/2009 - 06:55
User Badges: Cisco Employee

In a nutshell, you need to define this on each site:


Remote:


Match address should be defined as permit ip to any

nonat acl should be same as above.


Central ASA:


Match address should be the mirror of the remote: permit ip any

nonat acl same as above.


NAT: you need to define nat for the remote end leaving through this ASA

nat (outside) X


Make sure there is a matching global on the same outside interface.


Routing should be ok as long as your default route for the central points out.


You also need to enable the command "same-security-traffic permit intra-interface"


With this config in place you should be able to accomplish.
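
The steps in the reply above, written out as a configuration sketch. This is an added example and not part of the original post. It assumes pre-8.3 ASA NAT syntax; the remote LAN 192.168.2.0/24, the NAT ID 1, the ACL names and the crypto map name OUTSIDE-MAP are constructed placeholders.

```cisco
! ---------- Remote ASA ----------
! Interesting traffic: everything from the remote LAN goes into the tunnel.
! 192.168.2.0/24 is a constructed placeholder for the remote LAN.
access-list VPN-TO-CENTRAL extended permit ip 192.168.2.0 255.255.255.0 any
! Same ACL reused for NAT exemption, as the reply describes.
nat (inside) 0 access-list VPN-TO-CENTRAL
! OUTSIDE-MAP and sequence 10 are assumed names for an existing crypto map entry.
crypto map OUTSIDE-MAP 10 match address VPN-TO-CENTRAL

! ---------- Central ASA ----------
! Mirror image of the remote ACL.
access-list VPN-TO-REMOTE extended permit ip any 192.168.2.0 255.255.255.0
nat (inside) 0 access-list VPN-TO-REMOTE
crypto map OUTSIDE-MAP 10 match address VPN-TO-REMOTE

! Remote-site traffic arrives on outside (decrypted) and leaves on outside,
! so it needs a nat statement on outside with a matching global on outside.
! NAT ID 1 stands in for the "X" in the reply.
nat (outside) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface

! Allow traffic to enter and exit the same interface (hairpin).
same-security-traffic permit intra-interface
```

With this layout all Internet-bound traffic from the remote site is subject to the central ASA's policy, so any filtering or inspection intended for that traffic has to be applied on the central unit. `show crypto ipsec sa` and `show xlate` on the central ASA confirm that the tunnel selectors and the outside-to-outside translations match what is configured.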
