Solved

Force all internet traffic to go through the ASA VPN tunnel

Posted on 2009-02-17
Last Modified: 2012-05-06
I have configured 2 Cisco ASA 5505s and they are connecting network 1 and network 2 to each other via a VPN tunnel.

Network 1 has limited internet access via its gateway and I would like to find a way to redirect all the internet traffic on network 1 to use the VPN tunnel as the main gateway and not the ASA1 gateway.

Is that feasible?

Thanks

Gaetan
Question by:odewulf
3 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 23673093
So, essentially, you want to tunnel all traffic to network2? If so, change your crypto access-lists to the following:

ASA1:

access-list crypto extended permit ip 10.0.1.0 255.255.255.0 any  <--10.0.1.0 is network1

ASA2:

access-list crypto extended permit ip any 10.0.1.0 255.255.255.0

Make sure the NAT on ASA1 encompasses network1 (10.0.1.0 in this example).
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 23673179
You will also need to disable NAT for network1 on ASA1 so it isn't NATed prior to being sent over the tunnel. You can remove the global and nat commands on ASA1.

By the way, you will use the same amount of bandwidth on your Internet circuit at network1. The traffic will be IPsec versus HTTP, FTP, etc. but the bandwidth used will be the same.
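The two pieces of advice above (an "any" destination in the crypto ACL on both sides, plus no NAT for network1 before encryption on ASA1) fit together with one thing the thread does not spell out: ASA2 has to accept network1's internet-bound traffic on its outside interface, send it back out the same outside interface, and NAT it to its own public address. The following is an added example in ASA 8.2-era syntax, not configuration from the thread or from either poster. The 10.0.1.0/24 network1 address comes from the thread; 10.0.2.0/24 for network2, the peer addresses 203.0.113.1 and 203.0.113.2, the transform set and the policy numbers are constructed placeholders, and the `nat (inside) 0 access-list nonat` exemption is one way of disabling NAT for the tunnel traffic (an assumption, not the exact commands the expert had in mind).

```cisco
! ===== ASA1 (network1 side, 10.0.1.0/24 behind "inside") =====
! Assumed for this example: ASA1 outside is 203.0.113.1, ASA2 outside is 203.0.113.2.
! Crypto ACL: every destination, so 0.0.0.0/0 from network1 is "interesting" traffic.
access-list crypto extended permit ip 10.0.1.0 255.255.255.0 any
! NAT exemption: network1 must reach the crypto map with its real source addresses,
! otherwise the translated packets never match the crypto ACL and go out in the clear.
access-list nonat extended permit ip 10.0.1.0 255.255.255.0 any
nat (inside) 0 access-list nonat
!
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address crypto
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set transform-set ESP-AES256-SHA
crypto map outside_map interface outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>

! ===== ASA2 (network2 side, 10.0.2.0/24 behind "inside") =====
! Decrypted network1 packets arrive on "outside" and leave on "outside" again
! (hairpin). Without this line the ASA drops them as same-interface traffic.
same-security-traffic permit intra-interface
! Mirror of ASA1's crypto ACL: any source to network1.
access-list crypto extended permit ip any 10.0.1.0 255.255.255.0
! Keep network2 <-> network1 traffic untranslated inside the tunnel.
access-list nonat extended permit ip 10.0.2.0 255.255.255.0 10.0.1.0 255.255.255.0
nat (inside) 0 access-list nonat
! PAT for internet-bound traffic: network2 from inside, and network1 as it is
! hairpinned off the outside interface. Both hide behind ASA2's outside address.
global (outside) 1 interface
nat (inside) 1 10.0.2.0 255.255.255.0
nat (outside) 1 10.0.1.0 255.255.255.0
!
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address crypto
crypto map outside_map 10 set peer 203.0.113.1
crypto map outside_map 10 set transform-set ESP-AES256-SHA
crypto map outside_map interface outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>
```

Two things worth checking after applying something like this. First, the "any" crypto ACL means network1 has no internet at all while the tunnel is down, because every non-local packet is held for encryption rather than routed to ASA1's own gateway; `show crypto ipsec sa` on ASA1 should show the 10.0.1.0/24 to 0.0.0.0/0 proxy identity with encaps and decaps counters climbing. Second, ASA2's firewall logs and NAT table become the egress record for network1 as well as network2, so whatever logging or content filtering applied to network2's internet access now covers network1, and the `nat (outside)` entry is what makes that traffic appear from ASA2's public address.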
 

Author Comment

by:odewulf
ID: 23678733
Thanks, I am going to try that. I have some issues to resolve first with the port forwarding and then I will give it a try.
