Site-to-Site IPsec VPN with Internet Access

Unanswered Question
Sep 22nd, 2013

I have 2 sites (Site 1 and Site 2) which are connected via VPN using ASAs with software version 8.4(2).

Attached are the configuration files for both ASAs.


Now I need to grant users behind Site 2 access to the internet as well as to the servers in Site 1 via the VPN. For that I make the following changes to the ASA on Site 2:


access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list outside extended permit icmp any any
access-list outside extended permit ip any any

object network obj-server
 host 192.168.67.17
 nat (inside,outside) static 2.2.2.3


As soon as I add the above statements I am able to ping hosts on the internet, but I lose the ability to ping servers on Site 1. Can someone help me in this regard?


Thanks

Jeff

thomas.busse Tue, 09/24/2013 - 02:54

Hi Jeff,


You need to add a NAT exemption for your VPN traffic, otherwise all your traffic directed to the outside is NATed to 2.2.2.3.


Try to add the following:


object network obj-192.168.67.0
 subnet 192.168.67.0 255.255.255.0

object network obj-192.168.16.0
 subnet 192.168.16.0 255.255.255.0

nat (any,outside) source static obj-192.168.67.0 obj-192.168.67.0 destination static obj-192.168.16.0 obj-192.168.16.0


Greetings,


Thomas
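
An added example, not part of the original thread and not Cisco code: a simplified Python model of why the NAT exemption in the answer restores the tunnel, based on manual (twice) NAT being evaluated before object NAT and the crypto ACL being matched on the post-NAT source. It assumes Site 1 is 192.168.16.0/24 (inferred from the object name) and that the crypto ACL protects 192.168.67.0/24 to 192.168.16.0/24, since the attached configurations are not shown on the page; the destination addresses are constructed.

```python
from ipaddress import ip_address, ip_network

SITE2 = ip_network("192.168.67.0/24")  # Site 2 inside subnet, from the answer
SITE1 = ip_network("192.168.16.0/24")  # assumption: inferred from obj-192.168.16.0
SERVER = ip_address("192.168.67.17")   # obj-server in the question
PUBLIC = ip_address("2.2.2.3")         # static NAT address in the question


def object_nat(src, dst):
    """Question's auto NAT (section 2): SERVER -> PUBLIC for any destination."""
    return PUBLIC if src == SERVER else None


def nat_exempt(src, dst):
    """Answer's twice NAT (section 1): identity NAT for Site 2 -> Site 1 only."""
    return src if src in SITE2 and dst in SITE1 else None


def translate(src, dst, manual_rules, auto_rules):
    """First match wins; manual rules are evaluated before auto rules."""
    for rule in [*manual_rules, *auto_rules]:
        out = rule(src, dst)
        if out is not None:
            return out
    return src  # no rule matched, source left untranslated


def flow(src, dst, manual_rules=(), auto_rules=()):
    """Return (post-NAT source, whether the assumed crypto ACL selects the packet)."""
    src, dst = ip_address(src), ip_address(dst)
    post = translate(src, dst, manual_rules, auto_rules)
    # Assumption: crypto ACL is SITE2 -> SITE1 and is matched after NAT.
    return str(post), (post in SITE2 and dst in SITE1)


if __name__ == "__main__":
    site1_host = "192.168.16.10"   # constructed address in Site 1
    internet = "198.51.100.10"     # constructed (documentation range)
    server = str(SERVER)
    print("before:", flow(server, site1_host, auto_rules=[object_nat]))
    print("after: ", flow(server, site1_host, [nat_exempt], [object_nat]))
    print("web:   ", flow(server, internet, [nat_exempt], [object_nat]))
```

On the ASA itself, the equivalent check is to confirm with `show nat` that the exemption rule sits in section 1, above the object NAT.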



