Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-Site VPN, allow internet traffic through VPN

I have configured Site-Site VPN tunnel between 2 ASA 5505 firewalls (from corporate to branch office).I Can ping both networks. I Would like to route internet traffic through VPN from Branch office to Corporate and would like to pass the traffic through ISA. We have ISA cofigured parallel to ASA 5505 at corporate network. Is it possible?

7 REPLIES
Silver

Re: Site-Site VPN, allow internet traffic through VPN

Hello,

Yes it is possible. Can you ping your ISA server ? If yes , then you do not need to change anything on VPN devices. Just configure Internet browser for ISA server.It should work.

HTH

Saju

New Member

Re: Site-Site VPN, allow internet traffic through VPN

Thank you, but we would like to route all the traffic through VPN, is it possible?

Green

Re: Site-Site VPN, allow internet traffic through VPN

Yes, just add all traffic to the interesting traffic and nat 0 acl. If x.x.x.x/24 is the network you wish to tunnel then...

access-list extended permit ip x.x.x.x 255.255.255.0 any

access-list extended permit ip x.x.x.x 255.255.255.0 any

This will force all traffic from your networks over the tunnel. You will also need to add the mirror of the first acl on the other end.

access-list extended permit ip any x.x.x.x 255.255.255.0

New Member

Re: Site-Site VPN, allow internet traffic through VPN

Thanks for the information all!

But, I forgot to add that I have the access list as well as the crypto maps defined. If I didn't have this, I could not set up the tunnel. Also, I could not ping my workstation from another workstation within the ASA network.

My only problem is that from the ASA CLI, I cannot tftp to my workstation within the fortigate network.

Other than that, communication between devices within both networks can communicate with one another through the tunnel.

So, is there a special command or configuration I need to have in order to tftp from the ASA to network device outside the ASA's network?

Thanks in advance again

Green

Re: Site-Site VPN, allow internet traffic through VPN

Answered in your other post.

New Member

Re: Site-Site VPN, allow internet traffic through VPN

Hi All,

I just found it. In the configuration mode, you have to use the tftp-server command to configure an explicit device to tftp.

Thank you all for your advice!

New Member

Re: Site-Site VPN, allow internet traffic through VPN

Thanks, but is there any way to specify all the traffic through VPN, irespective of networks,as We do not want to specify the ISA as proxy in internet explorer in remote location

398
Views
5
Helpful
7
Replies
CreatePlease login to create content