
ASA 5510 VPN/ internet access help

Status
Not open for further replies.

nhidalgo

MIS
Jun 13, 2001
619
US
I have 50 l2l tunnels terminating to my ASA. I then allow internet access through the inside interface to my microsoft firewall.

What I would like to do is allow the tunnel traffic to come in on the outside interface like it does now and then allow it to access the internet via the outside interface. Is this possible? I have all NAT'ing turned off. I also would only like to allow access to the web for 3 IP's via the ASA; the default internet traffic would still go through my inside interface to my other firewall.
Basically all the traffic to come in and out on the outside interface.

Thanks for any help
 
can you post your config??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
We have a Cisco ASA 5510 and behind it we run a Microsoft ISA Firewall. I have remote VPN users vpn into the Cisco ASA and can access the internet from our Internet source.

Ours is configured so that our ISA server's DMZ network (which has the network subnet between the ASA and the ISA Server as well as the subnet for the report VPN Client) has Web Proxy enabled.

There is a rule in the Firewall policy to allow VPN users HTTP/HTTPS access from their subnet to External Network also.

The VPN users then set IE or other browser with the proxy settings of the External NIC on the ISA server and it all works fine!
 
Did you resolve this? I'm sure you can get this to work. I did a similar installation for users with VPN Clients, based on the document at this URL:


This allows a VPN client user access to the Internet.

The NAT 1 statement translates the private 192.168.10.0 pool addresses to that provided by the global statement.
Add the subnets at the far end of the L2L links into this NAT. This on its own would probably break remote connections into your central network.

To fix this, add a NAT (outside) 0 and include the remote networks and your central network in that list.

Don't forget to clear xlate before you test this.
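The reply above describes the pre-8.3 ASA NAT layout in prose only, so here is the same idea written out as a configuration fragment. This is an added example, not the poster's config or the Cisco document he refers to. All addresses are placeholders: 10.1.0.0/24 stands for the central (inside) network, 10.2.0.0/24 and 10.3.0.0/24 for two of the far-end L2L subnets, and 192.168.10.0/24 is the VPN client pool mentioned in the reply. The object names (NONAT-OUT) are invented for the example.

```cisco
! Added example, not the page's own config. Addresses and ACL names are placeholders.
! Pre-8.3 NAT syntax (nat/global), as used in the reply above.

! Traffic that arrives on "outside" from a tunnel and leaves on "outside" again
! (remote site -> internet, or remote site -> another remote site) is hairpinning;
! the ASA drops it unless same-interface traffic is explicitly permitted.
same-security-traffic permit intra-interface

! 1. NAT exemption for traffic that must keep its real addresses:
!    remote L2L subnets talking to the central network. This is the
!    "nat (outside) 0" the reply recommends; NAT exemption is evaluated
!    before the dynamic nat 1 rule below, so tunnel-to-central traffic
!    is never PAT'ed to the outside address.
access-list NONAT-OUT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT-OUT extended permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (outside) 0 access-list NONAT-OUT

! 2. Dynamic PAT for everything else arriving on "outside" from these
!    sources: the VPN client pool and the far-end L2L subnets. The
!    "outside" keyword marks this as outside NAT (source on the outside
!    interface); the global statement maps them to the outside interface
!    address. To limit internet access to the three hosts the original
!    poster mentioned, list those hosts with a 255.255.255.255 mask here
!    instead of whole subnets.
nat (outside) 1 192.168.10.0 255.255.255.0 outside
nat (outside) 1 10.2.0.0 255.255.255.0 outside
nat (outside) 1 10.3.0.0 255.255.255.0 outside
global (outside) 1 interface

! 3. Existing translations are cached; flush them so the new rules take
!    effect for sessions that are already up (the "clear xlate" step above).
clear xlate
```

Two points worth checking after applying something like this. First, `show xlate` on a remote-site-to-internet flow should show the source PAT'ed to the outside interface address, while a remote-site-to-central flow should show no translation at all; if the second one is translated, the exemption ACL does not match the real addresses. Second, the crypto map's interesting-traffic ACLs on both ends still decide what enters the tunnel, so the far-end sites must send internet-bound traffic (0.0.0.0/0 or at least the relevant destinations) through the tunnel for any of this to apply; otherwise the NAT rules are never hit.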
 