Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco VPN Traffic

Status
Not open for further replies.

cisco222

Vendor
Jul 9, 2007
28
GB
Hey Guys,

Hope you can help :)

I have a site to site VPN setup (IPSEC) which seems to be all working well between 2 ASA'S.
A site in Manchester and London. I want to ensure that the Manchester ASA is not sending all internet traffic to London and back again and just uses it locally. What type of access list would i define in Manchester for this to happen so all traffic for browsing the internet doesn't go over the vpn and uses the local connection.

Thanks

J

 
your crypto acl's that you define for interesting traffic determine what is sent across the vpn tunnel and what is not. if site 1 has local network of 192.168.1/24 and site 2 has local network of 192.168.2/24, then site 1 would have a crypto acl along the lines of access-list site1_site2 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 and site 2 would have the mirror opposite access-list site2_site1 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0. depending on what version of code you are running your nat exemption acl's will exempt the traffic from the NAT process (NAT configs from code < 8.3 is a lot different than NAT configs > 8.3). your crypto acl's and NAT exemption configs will keep traffic destined from the internet from crossing the VPN tunnel.

 
Thanks for this. Made it nice and easy to understand.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top