VPN connection ( Branch office access internet from HQ)

Unanswered Question
Oct 12th, 2009
User Badges:

Dear All Expert,


I would like to ask all of you...

I had connection VPN HQ to branch already( i mean it is working) but the branch it cannot access internet so i would like to allow all the branch office access internet from my HQ. but at my HQ i had other one ASA for internet ,so i don't now how to allow or route ....?

Please help me to solve this issue..please kindly see in the attach file.

Hope all of you reply to me soon :)


Best Regards,





Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 10/13/2009 - 00:52
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello David,

configuration of ASA connecting to the internet has to be updated so that:


it knows that remote site IP subnet(s) are reachable via 10.2.2.1


this can be a static route using the interface where net 10.2.2.0 is defined.


(inside or DMZ or other name)


AND

it provides NAT services for clients in remote site IP subnet(s).


the ASA has to translate their source ip addresses to allow access to public internet.


This should mean a change in an ACL that defines NAT or similar activity.


see


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1067863


Hope to help

Giuseppe


rechard_david Tue, 10/13/2009 - 19:13
User Badges:

Dear Giuseppe and Expert,


thank you for your reply,


could you help to edit my configuration on the attach file.

So, in the attach file the VPN site to site is working and internet ASA is working also,

i would like to u help me as below:

1- At HQ if the client assign gateway 10.2.2.2 the client can access internet but cannot access to Branch by VPN?

2- The Branch Cannot access internet? I mean the HQ provide Intenet to branch)


Best Regards,

REchard



Attachment: 

Actions

This Discussion