No announcement yet.

Configuring ASA site to site VPN

  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuring ASA site to site VPN


    I am building a site to site vpn. The vpn comes up, but all the traffic from my new site is routed over the internet. So all traffic gets dropped.

    My setup is WAN->dSL router->ASA.

    I know that the issue has to be a routing issue. I only can't see the immediate solution. Anybody idea's and if so need some more input?

    best regards,

  • #2
    Re: Configuring ASA site to site VPN


    The most likely problem is - the NAT exemption rule, you need to exempt your VPN interesting traffic to be NATed.
    You can, check the website, they explained very well how to setup most popular types of VPNs.
    Policy NAT Exemption aka NAT Zero aka No NAT - all of them are different names for the same idea. Idea is to exclude the interesting traffic between two VPN peers to be NATed on the regular way, like in your question when users trying to reach the remote network behind the VPN tunnel are NATed which is not right.
    Also be prepared that NAT steps are different on ASA with IOS versions older then 8.3 and all newer versions.
    Last edited by tAnk; 18th July 2013, 15:28.