cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
0
Helpful
3
Replies
Beginner

Remote Access VPN with Multiple Endpoints

Im not sure how it is called but here's the scenario.

We have multiple offices (lets use 3 office for simplicity) across US and APAC. Remote users vpn into the site to where their required resources lives. Say a user needs a files in each site, he needs to vpn into site1 to get file1, vpn into site2 to get file2 and so on.

We are looking for a solution wherein the users only needs to login into a single endpoint then that endpoint routes or decides how these users will be able to reach those files.

Please refer to the attachment, hope it helps. 

 

Central VPN Termination.png

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

Re: Remote Access VPN with Multiple Endpoints

There is no way of doing this. The traffic needs to U-Turn from VPN end
which is ASA. You can have direct client to site without passing thought
headend.
3 REPLIES 3
VIP Advisor

Re: Remote Access VPN with Multiple Endpoints

Why not to have a single pair of ASAs to terminate VPN and then based on the username (or you can use DAP) you can grant user access to the specific site. This is doable. 

Beginner

Re: Remote Access VPN with Multiple Endpoints

Hi Mohammed,

Thanks for the reply.

You mean use the ASA pair as a hop-off to reach the other sites? Yeah that would work, i thought about that as well. Our concern in that setup is the effective latency and speed of data transfer since the data will traverse into two tunnel. At least that's how i understand it.

We're looking for a DMVPN'ish solution but instead of an appliance as the spoke, the anyconnect/vpn-client act as the spoke

 

VIP Advisor

Re: Remote Access VPN with Multiple Endpoints

There is no way of doing this. The traffic needs to U-Turn from VPN end
which is ASA. You can have direct client to site without passing thought
headend.