
VPN non-standard configuration

lucas
Level 1

Hello everybody,
I have to set up a non-standard configuration with a Cisco ASA 5510:
First of all I have to realize a LAN-to-LAN VPN, and there is no problem with this:

LAN Inside --> Cisco ASA - Router ISP1 --> VPN L2L (10.10.10.x)

But at the same time the client also wants all Internet traffic to go to another ISP router, and this 2nd router is on the LAN Inside:

LAN Inside --> Cisco ASA --> Router ISP2 (192.168.0.253) --> Internet traffic.

How can I set up this config?
I tried with the following static routes:

route inside 0.0.0.0 0.0.0.0 192.168.0.253
route outside 10.10.10.0 255.255.255.0 217.269.x.y

but it does not work, due to NAT malfunction.

Any other ideas?

Thank you in advance

1 Accepted Solution


For me it is easier to change the default gateway ON THE COMPUTERS to the hop inside your LAN (the ISP router or whatever you have on the inside). In that device (ISP router or whatever you have), set the default gateway to the Internet. And tell this device that anything going to the remote LAN (the VPN peer) must be sent to the ASA, so the ASA will be able to provide communication with the remote LAN through the VPN.

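The packet paths that the accepted design produces, as an added example that is not part of the original thread: a small longest-prefix-match tracer over the three routing tables involved. Only 192.168.0.253 and 10.10.10.x come from the thread; the ASA inside address 192.168.0.1, the /24 masks, the host address and the test destinations are assumptions.

```python
import ipaddress

# Addressing: 192.168.0.253 and 10.10.10.x are from the thread, the rest is assumed.
LAN = "192.168.0.0/24"          # assumed inside subnet and mask
REMOTE_LAN = "10.10.10.0/24"    # remote VPN LAN (mask assumed)
ISP2_ROUTER = "192.168.0.253"   # second ISP router on the inside LAN
ASA_INSIDE = "192.168.0.1"      # hypothetical ASA inside address

# Routing table per device as (prefix, next hop); "direct" means on-link delivery.
TABLES = {
    "host": [(LAN, "direct"), ("0.0.0.0/0", ISP2_ROUTER)],
    ISP2_ROUTER: [(LAN, "direct"), (REMOTE_LAN, ASA_INSIDE),
                  ("0.0.0.0/0", "internet")],
    ASA_INSIDE: [(LAN, "direct"), (REMOTE_LAN, "vpn-tunnel")],
}

def next_hop(device, dst):
    """Longest-prefix match of dst in the device's table; None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[device]]
    matches = [(net, hop) for net, hop in nets if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(start, dst, max_hops=8):
    """Return the list of hops a packet to dst takes, starting at start."""
    path, device = [start], start
    for _ in range(max_hops):
        hop = next_hop(device, dst)
        if hop is None:
            return path + ["drop"]
        if hop == "direct":
            return path + [dst]
        path.append(hop)
        if hop not in TABLES:       # left the modelled network
            return path
        device = hop
    return path + ["loop"]

if __name__ == "__main__":
    # Constructed sample destinations and host address.
    print("to remote LAN:", trace("host", "10.10.10.5"))
    print("to Internet:  ", trace("host", "203.0.113.10"))
    print("VPN reply:    ", trace(ASA_INSIDE, "192.168.0.10"))
```

In this model Internet-bound traffic never crosses the ASA, so any filtering or logging for it has to happen on the ISP2 router. VPN requests reach the ASA via the router while replies go from the ASA straight to the host, so the router sees only one direction of each VPN flow.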

6 Replies

Static (inside,inside) Network192.168.0.    Network192.168.0.

ASA(config)# same-security-traffic permit intra-interface

We have to do an identity NAT. We are going to NAT our network in the inside to the same IP range when going to the inside as well.

Maybe this U-turn will help

Let me know.

Sorry for my late answer.

Thank you for your suggestion,

I have tried it but it does not work.

Regards

OK.

For me it is easier to change the default gateway to the hop inside your LAN (the ISP router or whatever you have on the inside). In that device, set the default gateway to the Internet. And tell this device that anything going to the remote LAN (the VPN peer) must be sent to the ASA, so the ASA will be able to provide communication with the remote LAN.

I hope it helps

Hi Diego,

I agree with you, this is the best way to solve our client request.

Thank you

Luca

Hi there,

If you don't have a problem communicating with the VPNs through ISP1, then after you have configured the route you should just configure these steps:

global (outside) 1 217.269.x.y or interface

nat (inside) 1 0.0.0.0 0.0.0.0 (or you can specify the IPs which can go out through this port)

Hope it is helpful.

Regards.
