cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
413
Views
0
Helpful
1
Replies
Highlighted
Beginner

Providing vpn access to customer to all of my vpn traffic

hello,

We have a vendor that does monitoring for us. We have a site to site VPN tunnel with them using Cisco ASA 5515-x. In order to monitor remote locations for us, they want access to all of our 200+ site to site tunnels so they access those devices for monitoring. At one point this was working and then a new FW was put in place and I cannot duplicate it.

I understand that a hairpin can be used, but for that Cisco is telling me that I will have to reach out to all 200+ sites to add this vendor VPN traffic. I do not want to do this.

 

In the past when it was working, someone had used an outside, outside nat and natted the traffic to an IP on our end (10.0.0.10) and traffic would be natted to this IP and then go out. In essence shortcut to all remote locations since our inside ip is already exempt to all 200+ site.

 

ex: nat (outside,outside) source static 10.220.xx.xx 10.220.xx.xx destination static 10.0.0.10(our inside range) 10.250.250.10 (vendor)

 

this was working, but for the life of me, i cannot duplicate this on the new FW. What can i do?

Everyone's tags (5)
1 REPLY 1
Highlighted
VIP Mentor

Re: Providing vpn access to customer to all of my vpn traffic

Stil you can monitor sameway the way you used to before, can you provide show run your HO side and 1 from vendor config to check how the rules setup done.

 

BB
*** Rate All Helpful Responses ***