On Thu, May 21, 2009 at 1:45 PM, N Parr <[email protected]> wrote:
> So the remote gateway of the ASA has to be the ISP's gateway in
> order to find the main office.

The ASA itself will need to have its default route by the ISP, yes. But not the VPN tunnel.

I've never used an ASA, but I assume you can configure the VPN such that it provides a point-to-point link between the ASA's LAN interface at the remote site, and whatever you have at HQ. Configure the firewall or routing tables or whatever so that the LAN interface doesn't forward traffic between the LAN and the public interface. Just give it routes to the local site networks, and a default route to gateway to HQ. Then configure everything on the LAN to use the ASA as the default gateway.

Now all traffic from the LAN to anywhere goes to the ASA, which forwards it through the VPN to HQ.

-- Ben
