ASA Routing Traffic Between 2 IPSEC Tunnels With IP Hiding

rschember1 · ‎07-06-2018

Hi all,

I'm looking to see if this configuration is even possible with the ASA, or at all, but I'm not really sure what this type of setup would be called. I endlessly searched this forum for a similar request, but I haven't been able to find one and I can't find any similar configuration examples.

There are 3 sites involved in this setup, 2 of which I have control of the firewalls -- the third is an external customer who has no IT staff (SiteC). There is an IPSEC tunnel from SiteA <--> SiteB, and an IPSEC tunnel from SiteB <--> SiteC. As mentioned above, SiteC is a small company who doesn't have a network administrator, so I can't set up a direct connection from SiteA <--> SiteC. They've just basically been on auto-pilot for years and nothing has ever needed to be changed.

Is there a way that I can route traffic from SiteA to SiteC, through SiteB, and have it appear as if the traffic is coming directly from SiteB so I don't have to find someone who can help me make configuration changes to the SiteC firewall?

I can post the configurations for SiteA and SiteB if needed, or if someone can point me in the right direction for a similar configuration that I could modify for my needs. I'm just not sure what I need to search for.

Thanks,

-Rob

Dennis Mink · ‎07-06-2018

i would expand the tunnesl to the remote sites, to include traffic to one another by changing the crypto map that defines interesting traffic so add subnet from site C to tunnel to B and subnet B to the tunnel crypto map of A and ofcourse add on the respective remote end as well. cant see why that wouldnt work

Please remember to rate useful posts, by clicking on the stars below.