Cisco Support Community

VPN non-standard configuration

Hello everybody,
I have to set up a non-standard configuration with a Cisco ASA 5510:
First of all, I have to implement a LAN-to-LAN VPN, and there is no problem with this:

LAN Inside --> Cisco ASA --> Router ISP1 --> VPN L2L (10.10.10.x)

But at the same time the client also wants all Internet traffic to go to another ISP router, and this 2nd router is on the LAN Inside:

LAN Inside --> Cisco ASA --> Router ISP2 (192.168.0.253) --> Internet traffic.

How can I set up this config?
I tried with the following static routes:

route inside 0.0.0.0 0.0.0.0 192.168.0.253
route outside 10.10.10.0 255.255.255.0 217.269.x.y

but it does not work, due to a NAT malfunction.

Any other ideas?

Thank you in advance

1 ACCEPTED SOLUTION

Re: VPN non-standard configuration

For me it is easier to change the default gateway ON THE COMPUTERS to the hop inside your LAN (the ISP router or whatever you have on the inside). In that device (ISP router or whatever you have), set the default gateway to the Internet. And tell this device that anything going to the remote LAN (the VPN peer) must be sent to the ASA, so the ASA will be able to provide communication with the remote LAN through the VPN.
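The two designs discussed in this thread as a small routing model, added here as an illustration and not posted by any participant: it compares the original attempt with the accepted answer and flags when the ASA would have to send traffic back out the inside interface it arrived on. The routes come from the thread; the device names, the `exit:` labels and the test address 203.0.113.10 are constructed.

```python
import ipaddress

# From the thread: the remote VPN LAN is 10.10.10.x and the ISP2 router sits on the
# inside LAN next to the ASA. Device names and "exit:" labels are constructed.
VPN = "10.10.10.0/24"
DEFAULT = "0.0.0.0/0"

# Original attempt: hosts point at the ASA, and the ASA default route points back inside.
ORIGINAL = {
    "host": {DEFAULT: "asa"},
    "asa":  {DEFAULT: "isp2", VPN: "exit:vpn-via-isp1"},
    "isp2": {DEFAULT: "exit:internet-via-isp2"},
}
# Accepted answer: hosts point at the ISP2 router, which has a static route to the ASA.
ACCEPTED = {
    "host": {DEFAULT: "isp2"},
    "isp2": {DEFAULT: "exit:internet-via-isp2", VPN: "asa"},
    "asa":  {VPN: "exit:vpn-via-isp1"},
}

def next_hop(table, dst):
    """Longest-prefix match over one device's routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return "drop:no-route"
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def path(design, dst, max_hops=8):
    """Hops taken by a packet from an inside host to dst."""
    hops, node = ["host"], "host"
    while node in design and len(hops) <= max_hops:
        node = next_hop(design[node], dst)
        hops.append(node)
    return hops

def asa_hairpins(design, dst):
    """True if the ASA must forward the packet to another inside device, i.e. back
    out the interface it arrived on (the U-turn case raised in the replies)."""
    hops = path(design, dst)
    return any(a == "asa" and b in design for a, b in zip(hops, hops[1:]))

if __name__ == "__main__":
    for name, design in (("original", ORIGINAL), ("accepted", ACCEPTED)):
        for dst in ("10.10.10.5", "203.0.113.10"):
            print(name, dst, " -> ".join(path(design, dst)),
                  "| ASA hairpin:", asa_hairpins(design, dst))
```
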

6 REPLIES

Re: VPN non-standard configuration

Static (inside,inside) Network192.168.0.    Network192.168.0.

ASA(config)# same-security-traffic permit intra-interface

We have to do an identity NAT. We are going to NAT our network on the inside to the same IP range when going to the inside as well.

Maybe this U-turn will help.

Let me know.

Re: VPN non-standard configuration

Sorry for my late answer.

Thank you for your suggestion,

I have tried it but it does not work.

Regards

Re: VPN non-standard configuration

OK.

For me it is easier to change the default gateway to the hop inside your LAN (the ISP router or whatever you have on the inside). In that device, set the default gateway to the Internet. And tell this device that anything going to the remote LAN (the VPN peer) must be sent to the ASA, so the ASA will be able to provide communication with the remote LAN.

I hope it helps

Re: VPN non-standard configuration

Hi Diego,

I agree with you, this is the best way to solve our client request.

Thank you

Luca

Re: VPN non-standard configuration

Hi there,

If you don't have a problem communicating with the VPNs through ISP1, then after you have configured the route you should just configure these steps:

global (outside) 1 217.269.x.y or interface

nat (inside) 1 0.0.0.0 0.0.0.0 (or you can specify the IPs which can go out through this port)

Hope it is helpful.

Regards.
