03-31-2014 06:57 AM
My customer has two sites connected with IPsec tunnel.
Now all users in all sites browse to the internet through proxy server.
Cisco ASA 5505
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.8.0 255.255.255.0
this IPsec tunnel is terminated on a tunnel.1 interface, which is in zone named S2S
local 192.168.0.0/24 remote 192.168.1.0/24
local 192.168.8.0/24 remote 192.168.1.0/24
My question is. I want to route all traffic from site A (behind Cisco ASA) through the IPsec tunnel to site B and then to internet, because I want that all traffic is scanned by PaloAlto. And I want to get rid of the Proxy
Will it be possible if I just change the:
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 any
local 0.0.0.0/0 remote 192.168.1.0/24
S2S to Outside
thanks for advices
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!