I have a request from one of our customers. We have 2 sites, let's say site A and site B, connected via an IPsec VPN on 2 Cisco ASA 5512s.
The customer wants anyone on site A to use site B's internet connection, NOT their local internet connection. Can this be done? Can I send traffic that's destined to the internet over the VPN to use site B's internet?
This is a strange setup and I'm not sure if this can even be done. Any input would be great.
As with many requests, you should ask the customer what he wants to achieve with that change. Doing it the proposed way (just sending the internet traffic through the VPN to send it to the internet) doesn't give you any benefit. There are many alternatives that would give you benefits. Just to name three:
1) Deploy an ASA-CX on the branch ASA (and potentially the central ASA) and send the internet traffic directly out. This gives you better web security and you don't eat up the bandwidth at the central location.
2) Deploy a local proxy at the main site and configure the branch PCs to use this proxy, which gives you central control of web surfing.
3) Deploy Cisco Cloud Web Security with connectors on both ASAs. Gives you web security on both sites and also for all your remote-access PCs.
If you don't want to spend much extra money, solution 2) would be my preferred one. For doing it the customer's way (if you are afraid of discussing with the customer), you have to modify the crypto ACL to include "any" as the destination on the branch ASA and as a source on the central ASA, allow same-security-traffic intra-interface and configure NAT/PAT from outside to outside.
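The three changes described in the answer above, sketched as ASA configuration (8.3+ NAT syntax). This is an added example, not configuration posted by anyone in the thread; the subnet 10.1.1.0/24 for site A, the ACL and object names, and the crypto map name and sequence number are placeholders. The identity NAT line on the branch ASA is an addition the answer does not mention.

```cisco
! ===== Branch ASA (site A) =====
! Crypto ACL: everything from the site A LAN, to any destination, enters the tunnel.
access-list VPN-TO-SITE-B extended permit ip 10.1.1.0 255.255.255.0 any
crypto map OUTSIDE_MAP 10 match address VPN-TO-SITE-B

! Assumption beyond the answer: NAT is applied before the crypto ACL is checked,
! so the LAN source must leave untranslated or it will not match the ACL above.
object network SITE-A-LAN
 subnet 10.1.1.0 255.255.255.0
nat (inside,outside) source static SITE-A-LAN SITE-A-LAN

! ===== Central ASA (site B) =====
! Mirror-image crypto ACL: "any" is now the source, site A LAN the destination.
access-list VPN-TO-SITE-A extended permit ip any 10.1.1.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN-TO-SITE-A

! Let decrypted traffic that arrived on outside leave again through outside.
same-security-traffic permit intra-interface

! PAT site A clients to the central outside address (outside to outside).
object network SITE-A-LAN
 subnet 10.1.1.0 255.255.255.0
 nat (outside,outside) dynamic interface
```

The two crypto ACLs have to stay exact mirrors of each other, otherwise the IPsec SA proposals will not match. With this in place, site A internet traffic is subject to the central ASA's inspection and logging, and it consumes the central site's bandwidth in both directions.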