ASA5505 route specific website through VPN

precisionlab · ‎08-26-2010

Hi experts,

I have 2 ASA5505 with fully working VPN.

Main USA office local net is 192.168.0.0/24 and remote (Europe) is 192.168.1.0/24

The problem is that in Europe office they need to use one specific website (let say it's 70.70.70.70) which is refusing all traffic originating from country other than US...

Is there a way that I can route traffic to this website though VPN ?

I'm assuming I will have to add:

route 70.70.70.70 255.255.255.255 ????? 2

but what should I put as a gateway ?

2) I will have to add NAT exemption as well, right ? What would be the command ?

3) What about US ASA - do I ave to change anything in it's config ?

Thanks in advance,

Federico Coto Fajardo · ‎08-26-2010

Hi,

If I understand correctly you have a Site-to-Site tunnel between two ASA 5505s.

You need to send traffic from Europe to USA (through the tunnel) when going to a specific site.

In that case, you need to include traffic intended to the IP of the site through the tunnel on both sides.

Europe:

access-list nonat permit ip 192.168.1.0 255.255.255.0 host 70.70.70.70

access-list vpn permit ip 192.168.1.0 255.255.255.0 host 70.70.70.70

USA

access-list nonat permit ip host 70.70.70.70 192.168.1.0 255.255.255.0

access-list vpn permit ip host 70.70.70.70 192.168.1.0 255.255.255.0

''Make sure you change nonat and vpn for the real name of the ACLs''

Then, on USA...

nat (outside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

same-security-traffic permit intra-interface

Do you see the idea?

Sending from Europe to USA through the tunnel all traffic intended to 70.70.70.70

Then on USA, redirecting the traffic to the Internet.

Federico.