Let's assume I have an l2l VPN between an ASA 8.2(5) and some Checkpoint...
On the ASA, I also have a remote access VPN.
- Can I do the following? sNAT (on the ASA) the traffic I get via the l2l VPN from the other Peer (Checkpoint), before hitting the Interesting Traffic (on the ASA).
- How can I do that? In other words, I have just a pool assigned to a Remote Access VPN. I would like the sNAT-over-VPN traffic to become part of this pool.
Hope you follow me :)
Hi everyone, I have a few questions. I am redesigning our network for a number of reasons, but it is a bit difficult and I need some help :)

Right now our ASA is doing both firewalling and inter-VLAN routing:

Present design:

    INTERNET ------ ISP modem ------ L2_core_switch ------ Cisco ASA | | L2 access switch

Cisco ASA does NAT, inter-VLAN routing... etc.
ISP modem to L2_core_switch is access vlan 10
L2_core_switch to Cisco ASA is access vlan 10

ASA conf:

    interface Vlan10
     nameif Outside
     security-level 0
     ip address 212.186.555.122 255.255.255.252 (fake public ip address)
    interface Ethernet0/0
     description to L2_core_switch Fa0/2
     switchport access vlan 10
     switchport trunk allowed vlan 10 (I believe it is an access vlan, matching the switch configuration)
    interface Vlan20
     nameif Lan1
     security-level 50
     ip address 10.1.20.254 255.255.255.0
    interface Vlan50
     nameif WLAN
     security-level 50
     ip address 10.1.50.254 255.255.255.0

PHASE 1 design:

    INTERNET ------ ISP modem ------ Cisco ASA ------L2_core_switch | | L2 access switch

To begin, I just want to move the ASA to be in front of the ISP modem without an L2 switch in between. As far as I am concerned, I would need to:
- change the cable coming from the ISP modem to the Cisco ASA 0/0
- I think that the Vlan10 and et0/0 configuration on the ASA should remain untouched
- I think that the Vlan10 and et0/0 configuration on the Switch Fa0/2 should also remain untouched

SUMMARY: If I change the order of the devices, as I am always using ACCESS VLAN 10, it should just work

Future design to be addressed later on:

    INTERNET ------ ISP modem ------ Cisco ASA ------ L3 switch | | L2 access switch

More phases will come ASAP, but this is a good start :D:D:D

Thanks a lot,