Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5505 route specific website through VPN

Hi experts,

I have 2 ASA5505 with fully working VPN.

Main USA office local net is 192.168.0.0/24 and remote (Europe) is 192.168.1.0/24

The problem is that in Europe office they need to use one specific website (let say it's 70.70.70.70) which is refusing all traffic originating from country other than US...

Is there a way that I can route traffic to this website though VPN ?

I'm assuming I will have to add:

route 70.70.70.70 255.255.255.255 ????? 2

but what should I put as a gateway ?

2) I will have to add NAT exemption as well, right ? What would be the command ?

3) What about US ASA - do I ave to change anything in it's config ?

Thanks in advance,

1 REPLY

Re: ASA5505 route specific website through VPN

Hi,

If I understand correctly you have a Site-to-Site tunnel between two ASA 5505s.

You need to send traffic from Europe to USA (through the tunnel) when going to a specific site.

In that case, you need to include traffic intended to the IP of the site through the tunnel on both sides.

Europe:

access-list nonat permit ip 192.168.1.0 255.255.255.0 host 70.70.70.70

access-list vpn permit ip 192.168.1.0 255.255.255.0 host 70.70.70.70

USA

access-list nonat permit ip host 70.70.70.70  192.168.1.0 255.255.255.0

access-list vpn permit ip host 70.70.70.70 192.168.1.0 255.255.255.0

''Make sure you change nonat and vpn for the real name of the ACLs''

Then, on USA...

nat (outside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

same-security-traffic permit intra-interface

Do you see the idea?

Sending from Europe to USA through the tunnel all traffic intended to 70.70.70.70

Then on USA, redirecting the traffic to the Internet.

Federico.

171
Views
0
Helpful
1
Replies