Internet via vpn link to the main office

ov
Level 1

Hi,

I have a central ASA5510 + ASA5505's at two remote offices. I want the remote offices to have all traffic directed over the VPN link to the central ASA, which then handles internet and LAN traffic. I have a little trouble figuring out how this should be configured and routed.

Any help appreciated.

1 Reply

Ivan Martinon
Level 7

In a nutshell, you need to define this on each site:

Remote:

Match address should be defined as permit ip to any

Nonat ACL should be the same as above.

Central ASA:

Match address should be the mirror of the remote: permit ip any

Nonat ACL same as above.

NAT: you need to define NAT for the remote end leaving through this ASA

nat (outside) X

Make sure there is a matching global on the same outside interface.

Routing should be ok as long as your default route for the central points out.

You also need to enable the command "same-security-traffic permit intra-interface"

With this config in place you should be able to accomplish.
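The steps in the reply above, written out as an added example that is not part of the original reply. It assumes pre-8.3 ASA syntax (the `nat`/`global` form the reply uses), a single remote LAN of 192.168.10.0/24, and hypothetical ACL names, crypto map names, NAT ID 1 and sequence number 10; the peer, transform set and tunnel group are assumed to be configured already.

```cisco
! ===== Remote ASA 5505 (constructed values: remote LAN 192.168.10.0/24) =====
! Crypto ACL: everything from the remote LAN goes into the tunnel
access-list VPN_TO_HQ extended permit ip 192.168.10.0 255.255.255.0 any
crypto map OUTSIDE_MAP 10 match address VPN_TO_HQ

! NAT exemption uses the same selector, so tunneled traffic keeps its
! private source address until it reaches the central ASA
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 any
nat (inside) 0 access-list NONAT

! ===== Central ASA 5510 =====
! Crypto ACL: exact mirror of the remote side
access-list VPN_TO_REMOTE1 extended permit ip any 192.168.10.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TO_REMOTE1

! NAT exemption for central LAN <-> remote LAN traffic
access-list NONAT extended permit ip any 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Remote LAN traffic arrives on outside (decrypted) and leaves on outside
! toward the internet, so it is translated on the outside interface
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface

! Allow traffic to enter and leave the same interface (hairpin)
same-security-traffic permit intra-interface

! Default route must point out the outside interface
! (203.0.113.254 is a placeholder next hop)
route outside 0.0.0.0 0.0.0.0 203.0.113.254
```

Repeat the remote-specific lines for the second office with its own subnet. On the central ASA, `show crypto ipsec sa` shows whether the tunnel selectors match, and `show xlate` shows whether remote addresses are being translated on the outside interface.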
