Re: [fw-wiz] ASA routing over VPN



I only had time to look at the vpn to internet "hairpinning" scenario. It
looks like you don't have an ip pool assigned to the vpn traffic to be
designated for NATing to the internet. Try implementing ip local pool
"pool_name_here"
"ip_range_here_for_ips_from_over_the_vpn_to_access_the_internet"

Let me know how this works. Cool feature, I wish my pix could do this so I
didn't have to terminate my tunnels on a router and a concentrator.

On a side note watch out for this command "telnet 0.0.0.0 0.0.0.0 internet",
that's not good. You have ssh configured so stick to your guns with it
since at least it is encrypted. Best practice is to not even to open it to
the internet yet just vpn in and then access it via ssh. Ah but who takes
advice from a pen tester anyways ;p


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Craig
Van Tassle
Sent: Tuesday, July 25, 2006 5:12 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] ASA routing over VPN

I have a ASA 5510 and its not routing my vpn's properly. I can get from my
vpn's
to anywhere on my lan.. but I cant get to the net from my vpn's.
I have 4 VPN tunnels. One over the Internet, and 3 over a Frame relay
network.

The Internet one is not working at all.. it connects but does not route any
traffic. The VPN's on my Frame connect but do not route traffic to the
Internet.

I'm at a total loss as where to go with this.


Attacked is my current config (ip's and password have been changed)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards