Hello,
We have a vendor that does monitoring for us. We have a site-to-site VPN tunnel with them using a Cisco ASA 5515-X. In order to monitor remote locations for us, they want access to all of our 200+ site-to-site tunnels so they can access those devices for monitoring. At one point this was working, and then a new FW was put in place and I cannot duplicate it.
I understand that a hairpin can be used, but for that Cisco is telling me that I will have to reach out to all 200+ sites to add this vendor VPN traffic. I do not want to do this.
In the past, when it was working, someone had used an outside,outside NAT and NATed the traffic to an IP on our end (10.0.0.10); traffic would be NATed to this IP and then go out. In essence, a shortcut to all remote locations, since our inside IP is already exempt for all 200+ sites.
ex: nat (outside,outside) source static 10.220.xx.xx 10.220.xx.xx destination static 10.0.0.10 10.250.250.10
(10.0.0.10 = our inside range, 10.250.250.10 = vendor)
This was working, but for the life of me, I cannot duplicate this on the new FW. What can I do?
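For context on what the quoted rule does, here is the same twice-NAT written out with named objects, as an added illustration, not configuration from the original post or from Cisco. The object names, the /16 for the remote sites and the assumption that the vendor and the remote sites both terminate on the same "outside" interface are all assumptions; the hub-side crypto ACLs already covering 10.0.0.10 is taken from the post.

```cisco
! Assumed: vendor tunnel and remote-site tunnels both land on "outside".
! Hairpinning between two tunnels on one interface requires this line;
! it is not part of the NAT rule and is easy to miss on a rebuilt firewall.
same-security-traffic permit intra-interface

! Objects are assumed names and ranges for illustration only.
object network VENDOR_MONITOR
 host 10.250.250.10
object network HUB_INSIDE_PROXY
 host 10.0.0.10
object network REMOTE_SITES
 subnet 10.220.0.0 255.255.0.0

! Twice NAT, read from the remote-site side as "real source -> mapped source,
! mapped destination -> real destination":
!   remote site -> 10.0.0.10 is un-NATed to the vendor at 10.250.250.10.
! Static twice NAT is bidirectional, so in the other direction traffic from
! the vendor toward 10.220.0.0/16 leaves with source 10.0.0.10, which the
! remote sites' crypto ACLs and NAT exemptions already permit.
nat (outside,outside) source static REMOTE_SITES REMOTE_SITES destination static HUB_INSIDE_PROXY VENDOR_MONITOR
```

Because the mapped source is the hub's own inside address, the remote sites cannot distinguish vendor traffic from hub traffic in their logs; scoping the vendor object to the monitoring host and ports keeps that translation as narrow as possible.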