Cisco Support Community

ov
New Member

Internet via vpn link to the main office

Hi,

I have a central ASA5510 + ASA5505s at two remote offices. I want the remote offices to have all traffic directed over the VPN link to the central ASA, which then handles Internet and LAN traffic. I have a little trouble figuring out how this should be configured and routed.

Any help appreciated.

1 REPLY

Re: Internet via vpn link to the main office

In a nutshell, you need to define this on each site:

Remote:

Match address should be defined as permit ip to any

nonat acl should be same as above.

Central ASA:

Match address should be the mirror of the remote: permit ip any

nonat acl same as above.

NAT: you need to define NAT for the remote end leaving through this ASA

nat (outside) X

Make sure there is a matching global on the same outside interface.

Routing should be ok as long as your default route for the central points out.

You also need to enable the command "same-security-traffic permit intra-interface"

With this config in place you should be able to accomplish.
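The layout described in the reply, written out as an added example that is not part of the original reply, using the pre-8.3 `nat`/`global` syntax the reply refers to. All addresses, ACL names and crypto map names are constructed assumptions, and the ISAKMP policy, transform set and tunnel-group are assumed to be configured already.

```cisco
! Constructed addressing (assumption, not from the thread):
!   central LAN 10.0.0.0/24, central outside 203.0.113.2, gateway 203.0.113.1
!   remote LAN 192.168.10.0/24, remote outside 198.51.100.2
! ACL and crypto map names are hypothetical.

! ---- Remote ASA 5505: send everything from the LAN into the tunnel ----
access-list VPN_TO_HQ extended permit ip 192.168.10.0 255.255.255.0 any
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 any
! Exempt tunnelled traffic from NAT so the central ASA sees real source addresses
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_TO_HQ
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2

! ---- Central ASA 5510: mirror of the remote crypto ACL ----
access-list VPN_TO_REMOTE1 extended permit ip any 192.168.10.0 255.255.255.0
access-list NONAT extended permit ip any 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_TO_REMOTE1
crypto map OUTSIDE_MAP 10 set peer 198.51.100.2

! PAT the remote subnet when it arrives on outside and leaves on outside
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface

! Allow traffic to enter and exit the same interface (hairpin)
same-security-traffic permit intra-interface

! Default route must point out of the outside interface
route outside 0.0.0.0 0.0.0.0 203.0.113.1
```

On the central ASA, `show crypto ipsec sa` and `show xlate` confirm that the tunnel carries the remote subnet and that its Internet-bound flows are being translated.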
