ASA vpn on a stick on lan-to-lan

j.mcmullen
Level 1

I have a single ASA at a site that now has a second site connected over the internet. They want to tunnel all traffic from the remote site in through a vpn including traffic destined for the internet. Basically we want all traffic from the hub site tunneled in and also utilize the internet connection from the central site with the ASA.

Will the ASA allow us to do this?

Accepted Solutions

Ivan Martinon
Level 7

Yes, ASA will allow you to do that as long as the ASA is the "hub" and you have the proper configuration in place. You need to adapt your interesting traffic to match the internet traffic: "any" will be used as destination on your remote office and "any" will be used as your local network on your corporate office. You need to NAT this remote network too, and you will use the same-security traffic intra-interface command.


I would really appreciate it if you could please help me with this. I am looking for a site-to-site VPN deployment on a stick. "Stick" means that the VPN terminates on the outside interface of my main firewall, and for some destination IPs on the Internet the traffic goes out from the same interface.

I got the document for Easy VPN, but I am looking for site-to-site VPN.

I have enabled same security traffic and

global (outside) 1 interface

nat (outside) 1 192.168.10.0 255.255.255.0

as well

but it is not helpful, as 192.168.10.0 is my remote site machines and I need to PAT them in order to send them on the Internet.

One more thing: I don't want all traffic coming from the tunnel to go to the Internet. Apart from some destination IPs, the rest is required on my inside LAN.

Hi, so if I get this correctly you need to have hairpinning, or ipsec on a stick but for a VPN L2L connection, and what you added, based on the ezvpn config, is not working?

global (outside) 1 interface

nat (outside) 1 192.168.10.0 255.255.255.0

And you have the same security settings, yet your LAN-to-LAN is not being sent out to the internet using your main ASA?

For instance, make sure the nat you have defined has the "outside" keyword, since this is required. As well, how is your LAN-to-LAN set up, meaning the crypto ACL: does it have specific-to-specific networks or specific-to-global network?

Thanks imartino, I have fixed it; there was one mistake in the crypto ACL. Thanks a lot.
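As an added example (not part of the original thread and not Cisco's code): a small Python check for the hub-side prerequisites listed in the accepted answer and for the kind of crypto ACL mismatch that turned out to be the problem here. The sample configs are constructed, use the pre-8.3 syntax seen in the thread, and the ACL and crypto map names are hypothetical.

```python
import ipaddress
import re
ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample configs (pre-8.3 syntax as in the thread); names are hypothetical.
HUB_CFG = """\
same-security-traffic permit intra-interface
access-list L2L_REMOTE extended permit ip any 192.168.10.0 255.255.255.0
global (outside) 1 interface
nat (outside) 1 192.168.10.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_REMOTE
"""
SPOKE_CFG = """\
access-list L2L_HUB extended permit ip 192.168.10.0 255.255.255.0 any
crypto map OUTSIDE_MAP 10 match address L2L_HUB
"""

def _net(t):  # consume 'any', 'host ip' or 'ip mask'; return (network, remaining tokens)
    if t[0] == "any":
        return ANY, t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1]), t[2:]
    return ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]

def crypto_acl(cfg):
    """(source, destination) pairs of the ACL bound by 'crypto map ... match address'."""
    m = re.search(r"^crypto map \S+ \d+ match address (\S+)", cfg, re.M)
    name = m.group(1) if m else None
    pairs = set()
    for line in cfg.splitlines():
        t = line.split()
        if t[:5] == ["access-list", name, "extended", "permit", "ip"]:
            src, rest = _net(t[5:])
            pairs.add((src, _net(rest)[0]))
    return pairs

def check_hairpin(hub, spoke, remote):
    """Return findings for the hairpin prerequisites named in the accepted answer."""
    remote, issues = ipaddress.ip_network(remote), []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", hub, re.M):
        issues.append("hub: same-security-traffic permit intra-interface is missing")
    if (remote, ANY) not in crypto_acl(spoke):
        issues.append("spoke: crypto ACL does not match remote network -> any")
    if crypto_acl(hub) != {(d, s) for s, d in crypto_acl(spoke)}:
        issues.append("hub: crypto ACL is not the mirror image of the spoke's")
    ids = [m.group(1) for m in re.finditer(r"^nat \(outside\) (\d+) ([\d.]+) ([\d.]+)", hub, re.M)
           if remote.subnet_of(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))]
    if not any(re.search(rf"^global \(outside\) {i} ", hub, re.M) for i in ids):
        issues.append("hub: remote network has no nat/global pair on outside")
    return issues
```

Call `check_hairpin(HUB_CFG, SPOKE_CFG, "192.168.10.0/24")` with the two running configs pasted in place of the samples; an empty list means all four checks passed.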
