Connectivity through 2 VPN tunnels without direct VPN tunnel
Can anyone help me with this?
We have a site-to-site VPN connection to one of our client's head office locations (ASA1 to ASA2). The VPN is configured between Cisco ASAs.
From the client's head office (ASA2), there is another site-to-site VPN towards a branch office (ASA2 to Router), which is configured between an ASA and a router (Cisco 2800 series). Please see the attached diagram.
Is it possible to access the client's branch location network from our network using the two VPN tunnels (i.e. from ASA1 to the router without having a direct VPN; the VPN for ASA1 is only towards ASA2)? If it is possible, what additional configuration needs to be done, and on which devices?
This can be done with Cisco routers, because they support route-based VPNs, and also Cisco publishes the order of operations of the packet (first check ACLs, then routing, then crypto, etc.), so you know how to avoid problems if multiple simultaneous features conflict with each other (the most classic example being NAT and crypto).
Sadly Cisco doesn't publish the order of operations of packets in ASA. Maybe if we knew the order of operations we could have done a workaround with the configuration.
Also, Cisco ASA doesn't support route-based VPNs.
For those reasons I say you can't do this with ASA.