5 Replies Latest reply on Feb 20, 2013 6:55 AM by noor

    using a VPN as a gateway

    gladeeaytur New Member

      I would like to set up a default gateway to use the VPN remote network for all internet queries.

        • Re: using a VPN as a gateway
          levi Employee

          gladeeaytur:

           

          Thank you for asking this question in the support community.  Is there any additional information you can provide?  From the input you provided I think the setup is as follows:

           

          Site A ---- VPN ---- Site B ---- Internet

           

          You want Site A to send all Internet traffic over the VPN to Site B's Internet connection?  Please, let me know if this is correct, and I will be happy to provide some suggestions for you.

           

          Levi

            • Re: using a VPN as a gateway
              gladeeaytur New Member

              Yes Levi this is what I would like to accomplish

                • Re: using a VPN as a gateway
                  levi Employee

                  gladeeaytur:

                   

                  This application is often called "Central Traffic Policing VPN."  This is when remote sites are required to send their Internet traffic through a central site before accessing the Internet.  Review the Configuring a VPN Using Main Mode in AOS guide for reference on how to setup a VPN.  However, with this application, the setup is the same as a standard VPN, except the VPN Selectors are different.  The VPN selectors need to reflect the destination as "any" because it is going to be routed to the public Internet, and the true destination address is unknown.  Here is an example configuration of this portion of the VPN (the remote site's LAN subnet is 10.1.1.0 /24):

                   

                  Central Site Configuration:

                   

                  ip access-list extended VPN-TO-REMOTE

                    permit ip any 10.1.1.0 0.0.0.255

                  !

                  ip policy-class Private

                    allow list VPN-TO-REMOTE stateless

                  !

                  ip policy-class Public

                    allow reverse list VPN-TO-REMOTE stateless

                   

                  Remote Site Configuration:

                   

                  ip access-list extended VPN-TO-MAIN

                    permit ip 10.1.1.0 0.0.0.255 any

                  !

                  ip policy-class Private

                    allow list VPN-TO-MAIN stateless

                  !

                  ip policy-class Public

                    allow reverse list VPN-TO-MAIN stateless

                   

                  I hope that makes sense, but please do not hesitate to reply to this post with any additional questions.  I will be happy to help in any way I can.

                   

                  Levi

              • Re: using a VPN as a gateway
                levi Employee

                gladeeaytur:

                 

                I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

                 

                Levi

                  • Re: using a VPN as a gateway
                    Employee

                    I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                     

                    Thanks,

                    Noor