
ASA phase 2 - encryption domain

christiancruz88
Level 1

Hi,

 

I have a Cisco ASA 5525, and I need to establish a site-to-site VPN.
It establishes phase 1 without problems, but for phase 2 they ask me to use a public IP for the encryption domain; however, that ASA does not have a direct connection to the Internet.
Is there any way to "cheat", with a loopback or NAT?
The internal server has an internal IP (it belongs to an ASA interface -> dmz_3).

 

Interface            Name     Security
GigabitEthernet0/0   Outside  0
GigabitEthernet0/1   Inside   100
GigabitEthernet0/2   dmz      50
GigabitEthernet0/3   dmz_2    55
GigabitEthernet0/4   dmz_3    55

 

Thanks!

1 Reply

Florin Barhala
Level 6
Just add the required routing info for that public IP and you'll make it.
Obviously you will use as next hop and outbound interface the interface that gets VPN packets out.
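
One way the NAT idea from the question and the route from the reply could fit together on the ASA, as an added example that is not part of the original thread. The interface names dmz_3 and Outside come from the post; every object name, the crypto map name and sequence number, and all addresses (documentation and private ranges) are constructed assumptions to be replaced with the real values.

```cisco
! Constructed values, replace before use:
!   10.55.0.10        real address of the server behind dmz_3
!   203.0.113.10      public IP the peer wants in the encryption domain
!   198.51.100.0/24   peer's encryption domain
!   192.0.2.1         next hop reachable through Outside
object network SRV-REAL
 host 10.55.0.10
object network SRV-PUBLIC
 host 203.0.113.10
object network REMOTE-ENCDOM
 subnet 198.51.100.0 255.255.255.0
!
! Present the server as the public IP only toward the peer's network.
nat (dmz_3,Outside) source static SRV-REAL SRV-PUBLIC destination static REMOTE-ENCDOM REMOTE-ENCDOM
!
! The ASA translates before it matches the crypto ACL, so the ACL
! lists the translated (public) address, not the real one.
access-list VPN-ENCDOM extended permit ip object SRV-PUBLIC object REMOTE-ENCDOM
crypto map OUTSIDE-MAP 10 match address VPN-ENCDOM
!
! Route the peer's network out of the interface that carries the VPN.
route Outside 198.51.100.0 255.255.255.0 192.0.2.1
!
! Checks after the tunnel is up:
!   show crypto ipsec sa
!     (local ident should show 203.0.113.10, remote ident 198.51.100.0)
!   packet-tracer input dmz_3 tcp 10.55.0.10 12345 198.51.100.20 443
!     (should show the NAT rule and a VPN encrypt phase)
```

Keeping the NAT rule scoped to the peer's network with the `destination static` clause means the server is translated only for tunnel traffic and is not exposed under the public IP to any other destination.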