Modifying VPN configuration to pass web traffic through tunnel
We've recently had a couple of changes to our network configuration, one of which includes removal of our proxy server at our main site, which has been replaced with a web filtering appliance that is connected to our core switch behind our ASA firewall. We currently have a remote site connected to the main site's ASA (5520) firewall via site-to-site VPN through a Cisco 860 router.
As it is, it appears that traffic going out to the internet wants to route directly through the public interface on the router rather than using the VPN tunnel. I've tried a few things but being completely new to router configuration, I'm having trouble getting this to work.
What I've tried was to add a permit entry to the access list used by the crypto map for any destination address and add a deny entry to the nonat route-map for any destination address:
access-list 101 permit 172.16.54.0 0.0.0.63 any
access-list 110 deny ip 172.16.54.0 0.0.0.63 any
Below is some basic info and our running config as it was before I attempted any changes:
main site gateway/vlan: 172.16.4.1 / 172.16.4.0/255.255.252.0
main site external ip for site-to-site vpn access: 22.214.171.124
remote site gateway/vlan: 172.16.54.1 / 172.16.54.0/255.255.255.192
remote site external ip for site-to-site: 126.96.36.199
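An added example, not part of the original post and not the poster's configuration: a small first-match evaluator for IOS extended ACL entries with wildcard masks, used to check which path a flow from the remote LAN would take. The entries toward 172.16.4.0 and the `permit ... any` line in ACL 110 are assumed (the running config is not shown here), as is the rule that NAT is evaluated before the crypto map on egress; 198.51.100.10 is a constructed internet destination.

```python
from ipaddress import IPv4Address

def _spec(tok, i):
    """Read 'any' or 'ADDR WILDCARD' starting at tok[i]."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    return (int(IPv4Address(tok[i])), int(IPv4Address(tok[i + 1]))), i + 2

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' (the only form handled here)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    src, i = _spec(tok, 4)
    dst, i = _spec(tok, i)
    return tok[2], src, dst

def _hit(ip, spec):
    addr, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF == 0

def first_match(acl, src, dst):
    """Action of the first matching entry; an ACL ends in an implicit deny."""
    for line in acl:
        action, s, d = parse_ace(line)
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

def egress_path(crypto_acl, nat_acl, src, dst):
    """Assumes NAT is evaluated before the crypto map on the way out."""
    if first_match(nat_acl, src, dst) == "permit":
        return "nat-direct"        # translated, so it no longer matches the tunnel
    if first_match(crypto_acl, src, dst) == "permit":
        return "tunnel"
    return "clear-untranslated"

LAN = "172.16.54.0 0.0.0.63"
# Constructed ACLs: entries to 172.16.4.0 and "permit ... any" in 110 are assumed.
CRYPTO_101 = [f"access-list 101 permit ip {LAN} 172.16.4.0 0.0.3.255",
              f"access-list 101 permit ip {LAN} any"]
NAT_110_APPENDED = [f"access-list 110 deny ip {LAN} 172.16.4.0 0.0.3.255",
                    f"access-list 110 permit ip {LAN} any",
                    f"access-list 110 deny ip {LAN} any"]   # never reached
NAT_110_REORDERED = [NAT_110_APPENDED[0], NAT_110_APPENDED[2]]

if __name__ == "__main__":
    for nat in (NAT_110_APPENDED, NAT_110_REORDERED):
        print(egress_path(CRYPTO_101, nat, "172.16.54.10", "198.51.100.10"))
```

Under these assumptions, a deny appended after an existing broad permit in the NAT ACL is never evaluated, so internet-bound traffic is still translated and leaves directly. The entry order on the router can be checked with `show access-lists`.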