OK, I've got a question for all you experts out there. I could probably spend several hours on trial and error, but I'm hoping someone can point me in the right direction to get started. I have several site-to-site VPN tunnels. My core firewall is an ASA 5510. My remote firewalls are ASA 5505s. I do not allow split tunneling.
My goal is this:
1. Set up a connection so one Ethernet port on the remote ASA hands me traffic for my tunnel and works as my gateway... no split tunneling. (This is no problem. I know how to do this.)
2. Create a second Ethernet port that grabs the local internet connection, NATs it, hands out DHCP, and acts as a local internet DMZ. I guess DMZ may not be the correct term, because I'd want it to be behind the firewall; I just wouldn't want it to be on the same network as the first Ethernet port.
3. So basically, I have 2 networks. One is a complete tunnel back to my corporate office. The second draws internet locally.
The trick with this is that I'll only be working with a single public IP address on a single outside interface. Is it possible to do what I'm trying to do?