We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

force all internet traffice to go through the ASA VPN tunnel

odewulf
odewulf asked
on
Medium Priority
1,363 Views
Last Modified: 2012-05-06
I have configured 2 cisco asa 5505 and they are connecting network 1 and network 2  to each other via a VPN tunnel.

Network 1 has limited internet access via its gateway and I would like to find a way to redirect all the internet traffic on network1 to use the vpn tunnel as the main gateway and not the asa1 gateway.

is that feasible?

thanks

Gaetan
Comment
Watch Question

Top Expert 2009

Commented:
So, essentially, you want to tunnel all traffic to network2?  If so, change your crypto access-lists to the following:

ASA1:

access-list crypto extended permit ip 10.0.1.0 255.255.255.0 any  <--10.0.1.0 is network1

ASA2:

access-list crypto extended permit ip any 10.0.1.0 255.255.255.0

Make sure the NAT on ASA1 encompasses network1 (10.0.1.0 in this example).
Top Expert 2009
Commented:
You will also need to disable NAT for network1 on ASA1 so it isn't NAT'ed prior to being sent over the tunnel.  You can remove the global and nat commands on ASA1.

By the way, you will use the same amount of bandwidth on your Internet circuit at network1.  The traffic will be IPSEC versus HTTP, FTP, etc but the bandwidth used will be the same.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
odewulfPresident

Author

Commented:
thanks I am going to try that. I have some issues to resolve first with the port forwarding and then I will give it a try
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.