Allow Internet from remote site-to-site VPN through ASA at Corp office
We have a client that is currently using PIX 506E at the Main office and at several sites doing site-to-site VPN. All of the users at the Remote sites access the Internet through the Main site; this is currently being handled by a Linux firewall. The client would like to retire the Linux firewall and just use one firewall for the VPNs and Internet access, along with potential URL filtering at the Main office. Is this a supported configuration on an ASA?
Re: Allow Internet from remote site-to-site VPN through ASA at Cor
I think this should be possible with the ASA using the permit intra interface command.
What you need is to tunnel all traffic from the remote locations to the ASA and then configure permit intra interface and then have the ASA NAT to a valid routable IP for internet access. And then use Websense or N2H2 to do content filtering.
Please refer to the URL below. Even though this is for the VPN Client, I am sure that you can apply the same concept to the L2L Tunnel as well.
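A sketch of the hub-side hairpin configuration the reply describes, added here as an example and not part of the original post or of any Cisco document. It assumes pre-8.3 ASA NAT syntax, an existing L2L tunnel with a crypto map named OUTSIDE_MAP, and constructed addresses (10.10.0.0/16 for the Main office, 10.20.1.0/24 for one remote site).

```text
! --- Hub ASA at the Main office (all names and addresses are constructed) ---

! Let traffic enter and leave the same interface: decrypted VPN traffic
! arrives on "outside" and must go back out "outside" to reach the Internet.
same-security-traffic permit intra-interface

! Crypto ACL for the remote site. The hub side is "any" because the
! remote site tunnels all of its traffic, not just Main-office traffic.
access-list L2L_SITE1 extended permit ip any 10.20.1.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_SITE1

! Main-office LAN <-> remote-site traffic stays untranslated in the tunnel.
access-list NONAT extended permit ip 10.10.0.0 255.255.0.0 10.20.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! PAT Internet-bound traffic to the outside interface address, both for the
! local LAN and for the remote site whose packets arrive on "outside".
global (outside) 1 interface
nat (inside) 1 10.10.0.0 255.255.0.0
nat (outside) 1 10.20.1.0 255.255.255.0

! --- Remote-site firewall: mirror-image crypto ACL (remote LAN to any) ---
! access-list TO_HUB permit ip 10.20.1.0 255.255.255.0 any
! The same ACL is used for NAT exemption there, so nothing from the
! remote LAN is translated or sent directly to the local Internet link.
```

With the default `sysopt connection permit-vpn` setting, decrypted tunnel traffic bypasses the outside interface ACL, so any restriction on what remote sites may reach has to be applied by other means, such as a VPN filter or the URL filtering server.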