Connectivity through 2 VPN tunnels without direct VPN tunnel
Can anyone help me with this?
We have a site-to-site VPN connection to one of our client's head office location (ASA1 to ASA2). The VPN is configured between Cisco ASAs.
From the client head office (ASA2), there is another site-to-site VPN towards a branch office (ASA2 to Router), which is configured between an ASA and a router (Cisco 2800 series). Please see the attached diagram.
Is it possible to access the client's branch location network from our network using the two VPN tunnels (i.e. from ASA1 to the router without having a direct VPN; the VPN for ASA1 is only towards ASA2)? If it is possible, what additional configuration needs to be done, and on which devices?
This can be done with Cisco routers, because they support route-based VPNs, and also Cisco publishes the order of operations of the packet (first check ACLs, then routing, then crypto, etc.), so you know how to avoid problems if multiple simultaneous features are conflicting with each other (the most classic example being NAT and crypto).
Sadly Cisco doesn't publish the order of operations of packets in ASA. Maybe if we knew the order of operations we could have done a workaround with the configuration.
Also, Cisco ASA doesn't support route-based VPNs.
For those reasons I say you can't do this with ASA.