03-29-2013 08:18 AM - edited 02-21-2020 06:47 PM
My user in Reno wants to send data to Vermont, but has to go through the Kansas ASA.
The Reno to Kansas hop must be AES-128.
The Kansas to Vermont hop must be AES-256.
Can the firewall in Kansas terminate one tunnel, then build a second tunnel, without having to leave the ASA?
In other words, I do not bent-pipe it to a server via the Inside address.
Thanks
jc
Solved! Go to Solution.
03-29-2013 09:43 AM
Hi,
So if I understood you correctly, you would want to build 2 L2L VPN connections from Kansas. One to Reno and one to Vermont? And you want users from Reno to be able to connect to Vermont through these connections?
There should be no problem doing this. There is no need for the traffic from Reno to go through the local network of Kansas. It will simply take a turn at the "outside" interface of Kansas and head out towards Vermont through the other L2L VPN connection.
Some things you have to take into considerations when configuring are
Also I guess you always have the option to configure a L2L VPN directly between Reno and Vermont without Kansas having anything to do with that setup.
Hopefully the information was helpfull I am not sure if this is just at planning stages or if you had already tried to configure it and had some problems?
- Jouni
03-29-2013 09:43 AM
Hi,
So if I understood you correctly, you would want to build 2 L2L VPN connections from Kansas. One to Reno and one to Vermont? And you want users from Reno to be able to connect to Vermont through these connections?
There should be no problem doing this. There is no need for the traffic from Reno to go through the local network of Kansas. It will simply take a turn at the "outside" interface of Kansas and head out towards Vermont through the other L2L VPN connection.
Some things you have to take into considerations when configuring are
Also I guess you always have the option to configure a L2L VPN directly between Reno and Vermont without Kansas having anything to do with that setup.
Hopefully the information was helpfull I am not sure if this is just at planning stages or if you had already tried to configure it and had some problems?
- Jouni
03-30-2013 07:01 AM
Jouni,
Many thanks for the quick response, and extremly helpful tips. I wish all replies were as complete as yours. I'll give it a shot on Monday and let you know.
jc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide