snowdog_2112
asked on
Cisco ASA 5505 site to site with shared internet access - NAT
I have 2 locations with ASA 5505's (8.4 code), and a tunnel between the 2 sites. All is working fine for remote site (Site B) to access resources in Site A.
I now need Site B to access the INTERNET using Site A's Internet connection - that is, from Site B to www.google.com, traffic goes:
Site B PC --> Site B ASA ---> TUNNEL ---> Site A ASA oustide then hairpin back out to Internet (and find its way back to Site B, of course).
I know I need to double NAT everything at Site B into the tunnel - not a problem. Essentially *ALL* traffic leaving Site B goes into the tunnel.
The problem is at Site A - the traffic from Site B for internal resources goes to "inside", and web requests turn around and go out "outside".
Help!!!?!?!
I now need Site B to access the INTERNET using Site A's Internet connection - that is, from Site B to www.google.com, traffic goes:
Site B PC --> Site B ASA ---> TUNNEL ---> Site A ASA oustide then hairpin back out to Internet (and find its way back to Site B, of course).
I know I need to double NAT everything at Site B into the tunnel - not a problem. Essentially *ALL* traffic leaving Site B goes into the tunnel.
The problem is at Site A - the traffic from Site B for internal resources goes to "inside", and web requests turn around and go out "outside".
Help!!!?!?!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes, the acl change will be needed. Good call.
ASKER
Excellent - that seems to be working.