Cisco Support Community
New Member

L2L setup with internet access

Hi All,

I have set up an L2L VPN between my host site and a small two-person office using my ASA 5510 and a little Netgear VPN router. I wish for the users to have to come to the head office for internet. I can access all the resources and such, but the internet is not working from the site. I have made sure I have the same-security-traffic permit intra-interface command on my ASA. Maybe I am missing a route? Can someone point me in the right direction?

TIA,

R

Green

Re: L2L setup with internet access

Here ya go... this document is for the VPN client but is the same for L2L. It is called public internet on a stick.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

New Member

Re: L2L setup with internet access

Thank you for your response. I think I may have an issue with this.

If I apply the command:

split-tunnel-policy tunnelall

How will this affect my normal VPN clients, who do in fact use split tunneling to access the internet via their local gateway? I already have the following in my config:

split-tunnel-policy tunnelspecified

Will this negatively affect my current setup?

Thanks

Green

Re: L2L setup with internet access

You should be able to create a separate group policy, apply that group policy to the L2L tunnel group and configure tunnelall in that group policy only. Make sense? Most likely your remote access VPN clients are on a different policy than your L2L tunnel anyway.

Green

Re: L2L setup with internet access

Actually, my mistake: since the document is for remote access VPN, it uses split tunnel policy. But since you have an L2L tunnel, you will not have to worry about split tunnel policy; you will just have to make sure that all the traffic from the remote end goes over the tunnel :-)

Here are the important parts of the config...

same-security-traffic permit intra-interface

global (outside) 1 172.18.124.166

nat (outside) 1 192.168.10.0 255.255.255.0

New Member

Re: L2L setup with internet access

Ah! I see now. Back to PIX basics... are you allowed to have more than one global statement?

Green

Re: L2L setup with internet access

Yes...

global (outside) 1 x.x.x.1

global (outside) 10 x.x.x.2

global (outside) 20 x.x.x.3

nat (inside) 1 192.168.1.0 255.255.255.0

nat (inside) 10 192.168.10.0 255.255.255.0

nat (outside) 20 192.168.20.0 255.255.255.0

New Member

Re: L2L setup with internet access

Thank you very much for your help!
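
An added example, not part of the thread or of Cisco's documentation: a small Python check that a config written in the nat/global syntax quoted above contains the three pieces the replies name for sending L2L traffic back out to the internet. The function name check_hairpin, the sample config and the use of 192.168.10.0/24 as the remote-site subnet are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: statements quoted in the thread, assembled into one
# config. 192.168.10.0/24 is assumed to be the remote-site subnet.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
global (outside) 1 172.18.124.166
nat (inside) 1 192.168.1.0 255.255.255.0
nat (outside) 1 192.168.10.0 255.255.255.0
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")


def check_hairpin(config, remote_subnet, egress="outside"):
    """Return a list of findings; an empty list means all three pieces exist."""
    remote = ipaddress.ip_network(remote_subnet)
    intra = False
    global_ids = set()    # NAT ids with a global pool on the egress interface
    covering_ids = set()  # NAT ids whose nat (egress) rule covers the remote subnet
    for line in config.splitlines():
        line = line.strip()
        if line == "same-security-traffic permit intra-interface":
            intra = True
        elif m := GLOBAL_RE.match(line):
            if m.group(1) == egress:
                global_ids.add(m.group(2))
        elif m := NAT_RE.match(line):
            if m.group(1) != egress or m.group(2) == "0":
                continue  # other interface, or NAT id 0 (exemption)
            try:
                net = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False)
            except ValueError:
                continue  # access-list or shorthand forms are not evaluated here
            if remote.subnet_of(net):
                covering_ids.add(m.group(2))
    findings = []
    if not intra:
        findings.append("missing same-security-traffic permit intra-interface")
    if not covering_ids:
        findings.append(f"no nat ({egress}) rule covers {remote}")
    elif not covering_ids & global_ids:
        findings.append(f"nat ({egress}) id has no matching global ({egress})")
    return findings
```
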
