
Site-Site VPN, allow internet traffic through VPN

psireeshap
Level 1

I have configured a Site-Site VPN tunnel between 2 ASA 5505 firewalls (from corporate to branch office). I can ping both networks. I would like to route internet traffic through the VPN from the branch office to corporate and would like to pass the traffic through ISA. We have ISA configured parallel to the ASA 5505 at the corporate network. Is it possible?

7 Replies

singhsaju
Level 4

Hello,

Yes, it is possible. Can you ping your ISA server? If yes, then you do not need to change anything on the VPN devices. Just configure the Internet browser for the ISA server. It should work.

HTH

Saju

Thank you, but we would like to route all the traffic through VPN, is it possible?

Yes, just add all traffic to the interesting traffic and nat 0 acl. If x.x.x.x/24 is the network you wish to tunnel then...

access-list extended permit ip x.x.x.x 255.255.255.0 any

access-list extended permit ip x.x.x.x 255.255.255.0 any

This will force all traffic from your networks over the tunnel. You will also need to add the mirror of the first acl on the other end.

access-list extended permit ip any x.x.x.x 255.255.255.0
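The ACL lines in the reply above, filled in as an added example that is not part of the original post. It assumes pre-8.3 ASA NAT syntax (matching the "nat 0" wording), a branch LAN of 192.168.2.0/24, and hypothetical names VPN_TRAFFIC, NONAT and OUTSIDE_MAP (sequence 10) for the ACLs and the crypto map of the existing tunnel.

```cisco
! ---- Branch ASA 5505 ----
! Assumed values: branch LAN 192.168.2.0/24; names VPN_TRAFFIC, NONAT and
! OUTSIDE_MAP are placeholders for whatever the working tunnel already uses.

! Interesting traffic: everything sourced from the branch LAN enters the tunnel.
access-list VPN_TRAFFIC extended permit ip 192.168.2.0 255.255.255.0 any

! NAT exemption: the same traffic must not be translated before encryption.
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 any
nat (inside) 0 access-list NONAT

! Bind the crypto ACL to the existing crypto map entry.
crypto map OUTSIDE_MAP 10 match address VPN_TRAFFIC

! ---- Corporate ASA 5505 ----
! Mirror of the branch crypto ACL; the two ends must match exactly or the
! IPsec proxy identities will not agree and the SA will not come up.
access-list VPN_TRAFFIC extended permit ip any 192.168.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TRAFFIC
```

After applying both sides, `show crypto ipsec sa` on the branch ASA should list a remote ident of 0.0.0.0/0.0.0.0 for the tunnel, which confirms that all branch traffic is selected for encryption rather than leaving through the local outside interface.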

Thanks for the information all!

But, I forgot to add that I have the access list as well as the crypto maps defined. If I didn't have this, I could not set up the tunnel. Also, I could not ping my workstation from another workstation within the ASA network.

My only problem is that from the ASA CLI, I cannot tftp to my workstation within the fortigate network.

Other than that, communication between devices within both networks can communicate with one another through the tunnel.

So, is there a special command or configuration I need to have in order to tftp from the ASA to network device outside the ASA's network?

Thanks in advance again

Answered in your other post.

Hi All,

I just found it. In the configuration mode, you have to use the tftp-server command to configure an explicit device to tftp.

Thank you all for your advice!

Thanks, but is there any way to specify all the traffic through VPN, irrespective of networks, as we do not want to specify the ISA as proxy in Internet Explorer in the remote location?
