Cisco Support Community
Community Member

ASA vpn on a stick on lan-to-lan

I have a single ASA at a site that now has a second site connected over the internet. They want to tunnel all traffic from the remote site in through a vpn including traffic destined for the internet. Basically we want all traffic from the hub site tunneled in and also utilize the internet connection from the central site with the ASA.

Will the ASA allow us to do this?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA vpn on a stick on lan-to-lan

Yes, the ASA will allow you to do that as long as the ASA is the "hub" and you have the proper configuration in place. You need to adapt your interesting traffic to match the internet traffic: "any" will be used as the destination on your remote office, and "any" will be used as your local network on your corporate office. You need to NAT this remote network too, and you will use the same-security traffic intra-interface command.

4 REPLIES

Community Member

Re: ASA vpn on a stick on lan-to-lan

I would really appreciate it if you could please help me with this. I am looking for a site-to-site VPN deployment on a stick. "Stick" means the VPN terminates on the outside interface of my main firewall, and for some destination IPs on the Internet the traffic goes out from the same interface.

I got the document for Easy VPN, but I am looking for site-to-site VPN.

I have enabled same security traffic and global (outside) 1 interface

nat (outside) 1 192.168.10.0 255.255.255.0

as well

but it is not helpful, as 192.168.10.0 is my remote site machines and I need to PAT them in order to send them to the Internet.

One more thing: I don't want all traffic coming from the tunnel to go to the Internet. Apart from some destination IPs, the rest is required on my inside LAN.

Re: ASA vpn on a stick on lan-to-lan

Hi, so if I get this correctly you need to have hairpinning, or ipsec on a stick but for a VPN L2L connection, and what you added, based on the ezvpn config, is not working?

global (outside) 1 interface

nat (outside) 1 192.168.10.0 255.255.255.0

And you have the same security settings, yet your LAN-to-LAN is not being sent out to the internet using your main ASA?

For instance, make sure the NAT you have defined has the "outside" keyword, since this is required. Also, how is your LAN-to-LAN set up, meaning the crypto ACL: does it have specific-to-specific networks or specific-to-global network?

Community Member

Re: ASA vpn on a stick on lan-to-lan

Thanks imartino, I have fixed it; there was one mistake in the crypto ACL. Thanks a lot.
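The thread resolves on a crypto ACL mistake, and the accepted answer requires "any" on one side of each peer's interesting traffic. The following added example (not from any poster or from Cisco) checks that the hub and spoke crypto ACLs are mirror images of each other, which an L2L tunnel needs in order to agree on what to encrypt. The ACL name `L2L` and the hub LAN `10.1.1.0/24` are assumptions, and only `any`, `host` and network/mask address forms are parsed.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NETWORK MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(head + "/" + tokens.pop(0))

def crypto_pairs(config, acl):
    """(source, destination) networks of the 'permit ip' entries of one ACL."""
    pairs = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:5] == ["access-list", acl, "extended", "permit", "ip"]:
            rest = tokens[5:]
            src = take_addr(rest)
            pairs.add((src, take_addr(rest)))
    return pairs

def mirror_mismatches(hub_cfg, spoke_cfg, acl="L2L"):
    """Entries on either peer with no swapped counterpart on the other."""
    hub, spoke = crypto_pairs(hub_cfg, acl), crypto_pairs(spoke_cfg, acl)
    fmt = lambda pairs: sorted(f"{s} -> {d}" for s, d in pairs)
    return {
        "hub_only": fmt(hub - {(d, s) for s, d in spoke}),
        "spoke_only": fmt(spoke - {(d, s) for s, d in hub}),
    }

# Constructed sample configs. ACL name L2L and hub LAN 10.1.1.0/24 are
# assumptions; 192.168.10.0/24 is the remote site named in the thread.
HUB = "access-list L2L extended permit ip any 192.168.10.0 255.255.255.0"
SPOKE_OK = "access-list L2L extended permit ip 192.168.10.0 255.255.255.0 any"
SPOKE_BAD = ("access-list L2L extended permit ip "
             "192.168.10.0 255.255.255.0 10.1.1.0 255.255.255.0")

if __name__ == "__main__":
    print(mirror_mismatches(HUB, SPOKE_OK))   # both lists empty
    print(mirror_mismatches(HUB, SPOKE_BAD))  # one unmatched entry per peer
```

A spoke left with a specific-to-specific entry, as in `SPOKE_BAD`, shows up as one unmatched entry on each peer.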
