New Member

routing internet traffic through ASA site-site tunnel

I have a site-to-site VPN tunnel between an ASA 5510 and a SonicWall. Can I route all Internet traffic from the SonicWall through the ASA? What configuration needs to be done on the ASA?

3 REPLIES
Cisco Employee

Re: routing internet traffic through ASA site-site tunnel

New Member

Re: routing internet traffic through ASA site-site tunnel

Sir, unfortunately I am not able to access that link.

I am being prompted for a CCO username and password. Though I am typing my normal CCO credentials, I am getting an error.

New Member

Re: routing internet traffic through ASA site-site tunnel

Try this configuration:

# Command that permits IPsec traffic to enter and exit the same interface.

same-security-traffic permit intra-interface

# The address pool for the VPN Clients.

ip local pool vpnpool x.x.x.x-x.x.x.x

nat-control

# The global address for Internet access used by VPN Clients.

# Apply an address from your public range provided by your ISP.

global (outside) 1 x.x.x.x

# The NAT statement to define what to encrypt (the addresses from the vpn-pool).

nat (outside) 1 x.x.x.x 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0

# The configuration of group-policy for VPN Clients.

group-policy clientgroup internal

group-policy clientgroup attributes

vpn-idle-timeout 20

# Forces VPN Clients over the tunnel for Internet access.

split-tunnel-policy tunnelall

# Configuration of IPsec Phase 2.

crypto ipsec transform-set myset esp-3des esp-sha-hmac

# Crypto map configuration for VPN Clients that connect to this PIX.

crypto dynamic-map rtpdynmap 20 set transform-set myset

# Binds the dynamic map to the crypto map process.

crypto map mymap 20 ipsec-isakmp dynamic rtpdynmap

# Crypto map applied to the outside interface.

crypto map mymap interface outside

# Enable ISAKMP on the outside interface.

isakmp identity address

isakmp enable outside

# Configuration of ISAKMP policy.

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0

# Configuration of tunnel-group with group information for VPN Clients.

tunnel-group rtptacvpn type ipsec-ra

# Configuration of group parameters for the VPN Clients.

tunnel-group rtptacvpn general-attributes

address-pool vpnpool

# Disable user authentication.

authentication-server-group none

authorization-server-group LOCAL

# Bind group-policy parameters to the tunnel-group for VPN Clients.

default-group-policy clientgroup

tunnel-group rtptacvpn ipsec-attributes

pre-shared-key *
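An added example, not part of the original post or of Cisco's documentation: a Python check that scans ASA-style configuration text for the legacy settings that appear in the reply above (3DES, MD5, DH group 2, and disabled user authentication). The function name `audit_asa_config`, the rule list, and the sample text are constructed for illustration.

```python
import re

# Constructed sample: crypto and authentication lines taken from the reply above.
SAMPLE_CONFIG = """\
crypto ipsec transform-set myset esp-3des esp-sha-hmac
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
tunnel-group rtptacvpn general-attributes
authentication-server-group none
"""

IKE = r"^(?:crypto )?(?:isakmp|ikev1) policy (\d+) "
# Regex -> finding template; regex groups fill the placeholders.
RULES = [
    (IKE + r"encryption (3des|des)$", "IKE policy {0}: legacy cipher {1}"),
    (IKE + r"hash (md5)$", "IKE policy {0}: weak hash {1}"),
    (IKE + r"group ([12])$", "IKE policy {0}: DH group {1} (1024 bits or less)"),
    (r"^crypto ipsec(?: ikev1)? transform-set (\S+) .*\besp-(3des|des)\b",
     "transform-set {0}: legacy cipher esp-{1}"),
]

def audit_asa_config(text):
    """Return a list of findings for weak VPN settings in ASA-style config text."""
    findings, tunnel_group = [], None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise indentation and spacing
        if not line or line[0] in "#!:":      # skip blanks and comment lines
            continue
        m = re.match(r"^tunnel-group (\S+) general-attributes$", line)
        if m:
            tunnel_group = m.group(1)         # remember the sub-mode context
            continue
        if line == "authentication-server-group none" and tunnel_group:
            findings.append(f"tunnel-group {tunnel_group}: user authentication disabled")
            continue
        for pattern, template in RULES:
            m = re.search(pattern, line)
            if m:
                findings.append(template.format(*m.groups()))
    return findings

if __name__ == "__main__":
    for finding in audit_asa_config(SAMPLE_CONFIG):
        print(finding)
```

Each finding marks a line to replace with a stronger setting the peer also supports (for example AES, a SHA-2 hash, and a larger DH group) before the tunnel carries all Internet-bound traffic.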
