Solved

ASA 5505 Internet Access with simultaneous VPN connection

Posted on 2009-07-14
8
414 Views
Last Modified: 2012-05-07
I'm pretty sure the answer to this question is "no", but thought I'd throw it out there anyway. I have one ASA 5505 configured with a base license using a VPN tunnel to a remote site. All is well. But I was wondering if I could also configure the ASA for internet use, as well? I've tried:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0

But as soon as I enter the NAT command, it kills the VPN tunnel completely...which I can't have.

Wondering if it would be an access list of some sort?

I've attached the config for review. Any suggestions would be appreciated.
internet-asa.txt
0
Comment
Question by:sarahbobby
  • 4
  • 2
  • 2
8 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24854152
Hi,

Use the following:

nat (inside) 0 access-list inside_nat0_outbound

access-list  inside_nat0_outbound extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
0
 
LVL 13

Accepted Solution

by:
3nerds earned 125 total points
ID: 24854172
If I understand you correctly you have a site to site vpn and ti works you also want to be able to access the internet through this asa at the same time. If that is the question the answer is yes.

You are on the right track above but you have to add additional no nat pieces so the vpn keeps passing traffic.

access-list nonat extended permit ip x.x.x.x 255.255.255.0 y.y.y.y 255.255.255.0 ----> x is your local lan subnet, and y is the remote lan subnet.

global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0

Good Luck,

3nerds
0
 

Author Closing Comment

by:sarahbobby
ID: 31603478
Magic. That worked like a champ.

I only slightly understand why this allowed the web traffic to work, but that's due to my inexperience. I'll have to read up on nonat statements to get a better handle on how/why this allowed the traffic through.

Thanks!!
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24859420
Am I wrote wong??
As I see I selved your problem correctly, but you don't ranked me!
0
 
LVL 13

Expert Comment

by:3nerds
ID: 24859461
I guess he preferred my answer, it happens.

Regards,

3nerds
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24859502
Yes, but I wrote it to earlier -:)

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24859522
Congralutions 3nerds:)
0
 

Author Comment

by:sarahbobby
ID: 24859556
3nerds provided a bit more detail and guidance on what specific steps I was to take to solve my issue, which is why I chose that answer. No disrespect intended to ikalmar at all, and I truly appreciate the assistance. I guess next time I'll accept multiple answers.....
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question