Connectivity through 2 VPN tunnels without direct VPN tunnel
Can anyone help me with this?
We have a site-to-site VPN connection to one of our client's head office locations (ASA1 to ASA2). The VPN is configured between Cisco ASAs.
From the client head office (ASA2), there is another site-to-site VPN towards a branch office (ASA2 to Router), which is configured between the ASA and a router (Cisco 2800 series). Please see the attached diagram.
Is it possible to access the client's branch location network from our network using the two VPN tunnels (i.e. from ASA1 to the router without having a direct VPN; the VPN for ASA1 is only towards ASA2)? If it is possible, what additional configuration needs to be done, and on which devices?
This can be done with Cisco routers, because they support route-based VPNs, and also Cisco publishes the order of operations of the packet (first check ACLs, then routing, then crypto, etc.), so you know how to avoid problems if multiple simultaneous features are conflicting with each other (the most classic example being NAT and crypto).
Sadly Cisco doesn't publish the order of operations of packets in the ASA. Maybe if we knew the order of operations we could have done a workaround with the configuration.
Also Cisco ASA doesn't support route-based VPNs.
For those reasons I say you can't do this with ASA.
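The question asks which devices would need configuration for our LAN to reach the branch LAN through two tunnels. Whatever the platform answer, one condition has to hold on every hop: the flow must be interesting traffic (match the crypto ACL) on both tunnels, in both directions. The script below is an added illustration, not code from this thread or from Cisco; it models each tunnel's crypto ACL as prefix pairs and reports the first hop where a flow would not be encrypted. The 10.x.0.0/16 prefixes and host addresses are constructed, hypothetical values.

```python
import ipaddress

# Constructed sample prefixes for the three sites in the question (hypothetical RFC 1918 ranges).
OUR_LAN = ipaddress.ip_network("10.1.0.0/16")     # behind ASA1
HQ_LAN = ipaddress.ip_network("10.2.0.0/16")      # behind ASA2 (client head office)
BRANCH_LAN = ipaddress.ip_network("10.3.0.0/16")  # behind the Cisco 2800 router

# The tunnels a flow from our LAN to the branch LAN has to cross, in order.
TRANSIT_PATH = ["ASA1<->ASA2", "ASA2<->Router"]


def build_tunnels(include_transit_entry):
    """Model each tunnel's crypto ACL (interesting traffic) as (src, dst) prefix pairs
    as seen from the first-named peer; the far peer's ACL is its mirror image.
    include_transit_entry=False is the usual starting point: each tunnel only
    describes its two directly attached LANs. include_transit_entry=True adds the
    our-LAN <-> branch-LAN pair to both tunnels (hypothetical extra ACL lines)."""
    asa1_asa2 = [(OUR_LAN, HQ_LAN)]
    asa2_router = [(HQ_LAN, BRANCH_LAN)]
    if include_transit_entry:
        asa1_asa2.append((OUR_LAN, BRANCH_LAN))
        asa2_router.append((OUR_LAN, BRANCH_LAN))
    return {"ASA1<->ASA2": asa1_asa2, "ASA2<->Router": asa2_router}


def is_interesting(acl, src_ip, dst_ip):
    """True if the flow matches an ACL entry in either orientation: a correctly
    built tunnel has mirrored ACLs, so a return packet matches the reversed pair."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for a, b in acl:
        if (src in a and dst in b) or (src in b and dst in a):
            return True
    return False


def trace_flow(tunnels, path, src_ip, dst_ip):
    """Walk the flow along `path`; return (True, 'ok ...') if every tunnel would
    encrypt it, else (False, <first hop where it is not interesting traffic>)."""
    for name in path:
        if not is_interesting(tunnels[name], src_ip, dst_ip):
            return False, f"{name}: {src_ip} -> {dst_ip} is not interesting traffic here"
    return True, "ok: flow matches the crypto ACL on every hop"


def check_both_directions(tunnels, path, our_host, branch_host):
    """Necessary-condition check for the question's scenario: the forward flow
    must be interesting on each tunnel, and the return flow on the reversed path."""
    fwd = trace_flow(tunnels, path, our_host, branch_host)
    rev = trace_flow(tunnels, list(reversed(path)), branch_host, our_host)
    return fwd[0] and rev[0], {"forward": fwd[1], "return": rev[1]}


if __name__ == "__main__":
    for flag in (False, True):
        ok, detail = check_both_directions(build_tunnels(flag), TRANSIT_PATH, "10.1.5.5", "10.3.7.7")
        print(f"transit ACL entries={'yes' if flag else 'no'} -> ok={ok} {detail}")
```

With the default ACLs the flow fails on the very first hop (ASA1 never treats our-LAN to branch-LAN as interesting traffic); adding the transit pair to both tunnels makes the check pass in both directions. This is only a necessary condition: it says nothing about whether ASA2 will actually forward a packet decrypted from one tunnel back into the other, which is the platform point the reply above raises.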