Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
1
Replies

SSL and IPSEC to get to the remote site

network770
Level 1
Level 1

‎03-17-2011 06:34 PM - edited ‎03-11-2019 01:08 PM

We have the following situation...

We want to have the ability to SSL to the firewall (reason is we need a clientLESS solution that can be initiated from anywhere) and then be able to access a remote which is on the other side of the VPN tunnel.  The catch is here...the remote VPN site will only accept the traffic if the source address is the 'interface' address of the firewall, here's a pic:

user@home --SSL--> firewall ---IPSEC VPN---> remote site

again, the remote site only allows access if the traffic is coming from the outside interface of the firewall.... so the whole point of the SSL is to security proxy the session from home via the firewall.

any thoughts?

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎03-17-2011 06:53 PM

This would perfectly work to your favour, as that is the only option you have for clientless SSL vpn access towards the IPSec tunnel.

Clientless SSL VPN will proxy the connection using the closest interface where the traffic is supposed to be routed to, hence in your scenario:

I assume that both SSL VPN and IPSec VPN are terminated on the firewall outside interface, right? and since the clientless resources that you are planning to access is behind the remote VPN, then the clientless SSL VPN will proxy the connection from the ASA outside interface as the IPSec VPN is terminated on the ASA.

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card