lospilotos asked:
ASA 5505 route traffic through other site

Hi!

I have two networks (A/192.168.0.0 + B/192.168.2.0) using the ASA 5505 as firewalls. The networks are connected using an IPSEC VPN tunnel which is working fine. I am connecting to a server (object name IIS_Server) hosted on a 3rd network (C) over which I have no control. This server only allows connections from the public IP address of network A. Since I want to connect to the server on C also from the network B, I want to route all traffic originating on B, bound for C, through A. (B -> A -> C)

After doing some research here I think the way to do it is to add an ACL entry instructing the traffic bound for C to use the encrypted tunnel. This is the entry I have now in the ASA on network B:

access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object IIS_Server

I also understand that I have to make corresponding entries in the ASA on network A, but the initial problem is that the traffic does not seem to be routed through the VPN tunnel at all, but is NATed out through the usual gateway of B. This is the NAT info I get when running the Packet Tracer in ASDM: "Dynamic translate 192.168.2.10/23432 to xx.xx.xx.xx/21735" (xx.xx.xx.xx is the public IP of network B).

Could someone please tell me the step-by-step way of achieving the desired result.

ASA on network A is 8.2(5) and on network B it is 8.3(1).

Thanks!

L.
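The Packet Tracer output above shows the usual cause: the ASA applies NAT before it matches the crypto map, so unless B-to-C traffic is exempted from dynamic PAT it never matches the crypto ACL. The configuration below is an added example, not code from the thread's answers (which are not shown on this page); it assumes interface names inside/outside on both ASAs, that B's existing dynamic PAT is an object NAT rule, that A's existing `global (outside)` uses id 1, and it uses 203.0.113.10 as a documentation placeholder for IIS_Server's real address.

```cisco
! ===== ASA on network B, 8.3(1) syntax =====
! Network object for B's own subnet (IIS_Server already exists per the post)
object network NET_B
 subnet 192.168.2.0 255.255.255.0
! Identity (exemption) twice NAT: B -> IIS_Server keeps its private source address.
! Manual NAT is evaluated before object NAT, so this wins over the dynamic PAT rule.
nat (inside,outside) source static NET_B NET_B destination static IIS_Server IIS_Server
! Crypto ACL line from the post: now the untranslated packet can match it
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object IIS_Server

! ===== ASA on network A, 8.2(5) syntax =====
! Decrypted traffic arrives on "outside" and must leave via "outside" again (hairpin)
same-security-traffic permit intra-interface
! Mirror of B's crypto ACL in the crypto ACL already used for the tunnel to peer B:
! from A's view the protected pair is IIS_Server <-> B's subnet (placeholder address)
access-list outside_1_cryptomap extended permit ip host 203.0.113.10 192.168.2.0 255.255.255.0
! Deliberately NO NAT exemption here: B's addresses must be PATed to A's public IP,
! which is the only source address network C accepts. nat (outside) handles traffic
! that enters on "outside" (the tunnel) and exits on "outside" (toward C).
nat (outside) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface
```

After applying both sides, re-run Packet Tracer on B from a 192.168.2.0/24 host to IIS_Server: the NAT phase should now report an identity translation and a VPN phase should appear; on A, `show crypto ipsec sa` should show the new 192.168.2.0/24 <-> IIS_Server SA, and C should see connections sourced from A's public IP.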
ASKER CERTIFIED SOLUTION (by asavener)
lospilotos (asker):
I have not had time to test the above. Will update as I do...