Cisco Support Community

IPSEC tunnel address spoofing errors

I have an ASA 5520 configured for IPSEC, and I intend to tunnel all internet traffic through the tunnel to get (no split tunneling).

The ASA is sitting behind an external firewall, and I had to do NAT translations for the outside interface.

My problem is this: the remote access VPN connection is fine and I can access all the resources on my remote network as well as all internal websites, but I cannot access other internet traffic.

I had to enable same-security traffic on the outside interface because the firewall on the ASA sees the traffic as a loop and drops it.

On the other hand, my external firewall sees the traffic as an IP spoof and drops it as well, because it sees the internet traffic request coming from its internal interfaces.

Any suggestions?

5 REPLIES
Re: IPSEC tunnel address spoofing errors

You could try...

no ip verify reverse-path interface inside

Re: IPSEC tunnel address spoofing errors

Tried that; it didn't work for me.

I believe what needs to be achieved is a sort of translation of the internet source address so that it appears to come from the HQ end of the IPSEC tunnel. I'm trying to access the internet through the perimeter firewall at HQ, but this same firewall sees the real source address of the HTTP request as that of the remote user, despite tunneling all the traffic through the IPSEC tunnel.

Your feedback would be appreciated.

Re: IPSEC tunnel address spoofing errors

This is a working example of your scenario. If you still face problems, please post more details about your topology and the vendor of your perimeter firewall.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Regards

Farrukh

Re: IPSEC tunnel address spoofing errors

You rock!!!!!!

After a little tweaking, it worked like a charm...

Thanks!

Re: IPSEC tunnel address spoofing errors

No problem buddy, glad to know it's working :)

Please rate if helpful.

Regards

Farrukh
