ipsec site-to-site tunnel with Cisco, force all traffic through tunnel


L1 Bithead

Hello,

My customer has two sites connected with an IPsec tunnel.

Now all users in all sites browse to the internet through a proxy server.

Site A

Cisco ASA 5505

192.168.1.0/24

CryptoMap    

access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.8.0 255.255.255.0

Site B

PA200

192.168.0.0/24

192.168.8.0/24

This IPsec tunnel is terminated on a tunnel.1 interface, which is in a zone named S2S.

ProxyID

local 192.168.0.0/24     remote 192.168.1.0/24

local 192.168.8.0/24     remote 192.168.1.0/24

My question is: I want to route all traffic from site A (behind the Cisco ASA) through the IPsec tunnel to site B and then to the internet, because I want all traffic to be scanned by the Palo Alto. And I want to get rid of the proxy :)

Will it be possible if I just change the:

Cryptomap to:

access-list S2S extended permit ip 192.168.1.0 255.255.255.0 any

PaloAlto ProxyID

local 0.0.0.0/0     remote 192.168.1.0/24

NAT policy

S2S to Outside

Security Policy

Thanks for any advice.

Rudolf
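
An added example, not part of the original post: a Python check that the ASA crypto ACL entries and the Palo Alto Proxy IDs quoted above are mirror images of each other (ASA source = PA remote, ASA destination = PA local), for both the current and the proposed selectors. The function names are hypothetical, the config lines are copied from the post, and the check assumes both peers must present matching selectors for phase 2 to come up.

```python
import ipaddress

# Copied from the post: current and proposed ASA crypto ACL lines.
ASA_CURRENT = """\
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.8.0 255.255.255.0
"""
ASA_PROPOSED = "access-list S2S extended permit ip 192.168.1.0 255.255.255.0 any\n"

# Palo Alto Proxy IDs as (local, remote), also copied from the post.
PA_CURRENT = [("192.168.0.0/24", "192.168.1.0/24"),
              ("192.168.8.0/24", "192.168.1.0/24")]
PA_PROPOSED = [("0.0.0.0/0", "192.168.1.0/24")]


def _take_net(tokens):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def asa_selectors(acl_text):
    """Return {(src, dst)} for each 'extended permit ip' line of a crypto ACL."""
    selectors = set()
    for line in acl_text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2:5] != ["extended", "permit", "ip"]:
            continue  # skip blanks and anything that is not a permit-ip entry
        src, rest = _take_net(tokens[5:])
        dst, _ = _take_net(rest)
        selectors.add((src, dst))
    return selectors


def proxy_id_mismatches(acl_text, proxy_ids):
    """Compare ASA selectors with PA Proxy IDs, viewed from the ASA side."""
    asa = asa_selectors(acl_text)
    # PA local is the ASA destination; PA remote is the ASA source.
    pa = {(ipaddress.ip_network(remote), ipaddress.ip_network(local))
          for local, remote in proxy_ids}
    return {"asa_only": asa - pa, "pa_only": pa - asa}
```

Changing only one side (for example the new ASA ACL against the old Proxy IDs) is reported as entries under `asa_only` and `pa_only`, which is the state to avoid during the cut-over.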
