Does the asa have the ability to terminate a vpn using only its inside interface connected to a core switch? I understand the edge firewall would have to nat for the asa. I know the Meraki Mx can do this from anywhere inside a network. I just don't see any information on setting up a site to site tunnel on an asa that won't be using an outside interface. Has anyone had success doing this before?
@jlinder if you have an ASA with one interface I assume that you have configured sub-interfaces, with traffic routed between sub-interfaces. Just terminate the VPN on the interface facing external, it doesn't need to be called "outside".
@jlinder You cannot route traffic through the outside interface and terminate the VPN on the inside interface, if that was your question? You terminate a VPN on the closest interface to the peer.
I do understand that portion. Every site to site vpn I have setup has been on the edge network where you have an inside and outside interface. But I have seen scenario's where someone connected an asa for a site to site tunnel that can get plugged anywhere on the LAN. That is where I get confused since there would be no outside interface. There is only the 1 uplink from asa to the switch.
Yea perhaps that's the secret. Maybe you can have the outside setup as a sub interface on the same physical interface as long as they have separate security zones? Might be something I try out soon.
@jlinder if you have an ASA with one interface I assume that you have configured sub-interfaces, with traffic routed between sub-interfaces. Just terminate the VPN on the interface facing external, it doesn't need to be called "outside".
