ASA5505 route specific website through VPN

Unanswered Question
Aug 26th, 2010
User Badges:

Hi experts,

I have 2 ASA5505 with fully working VPN.

Main USA office local net is and remote (Europe) is

The problem is that in Europe office they need to use one specific website (let say it's which is refusing all traffic originating from country other than US...

Is there a way that I can route traffic to this website though VPN ?

I'm assuming I will have to add:

route ????? 2

but what should I put as a gateway ?

2) I will have to add NAT exemption as well, right ? What would be the command ?

3) What about US ASA - do I ave to change anything in it's config ?

Thanks in advance,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Thu, 08/26/2010 - 16:39
User Badges:
  • Green, 3000 points or more


If I understand correctly you have a Site-to-Site tunnel between two ASA 5505s.

You need to send traffic from Europe to USA (through the tunnel) when going to a specific site.

In that case, you need to include traffic intended to the IP of the site through the tunnel on both sides.


access-list nonat permit ip host

access-list vpn permit ip host


access-list nonat permit ip host

access-list vpn permit ip host

''Make sure you change nonat and vpn for the real name of the ACLs''

Then, on USA...

nat (outside) 1

global (outside) 1 interface

same-security-traffic permit intra-interface

Do you see the idea?

Sending from Europe to USA through the tunnel all traffic intended to

Then on USA, redirecting the traffic to the Internet.



This Discussion