Providing VPN access to customer to all of my VPN traffic

We have a vendor that does monitoring for us. We have a site-to-site VPN tunnel with them using a Cisco ASA 5515-X. In order to monitor remote locations for us, they want access to all of our 200+ site-to-site tunnels so they can access those devices for monitoring. At one point this was working, and then a new FW was put in place and I cannot duplicate it.

I understand that a hairpin can be used, but for that Cisco is telling me that I will have to reach out to all 200+ sites to add this vendor VPN traffic. I do not want to do this.


In the past when it was working, someone had used an outside, outside NAT and natted the traffic to an IP on our end ( and traffic would be natted to this IP and then go out. In essence, a shortcut to all remote locations, since our inside IP is already exempt to all 200+ sites.


ex: nat (outside,outside) source static 10.220.xx.xx 10.220.xx.xx destination static inside range) (vendor)


This was working, but for the life of me, I cannot duplicate this on the new FW. What can I do?

Still, you can monitor the same way you used to before. Can you provide the show run from your HO side and one from the vendor config, to check how the rules are set up?
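
For reference, a sketch of the outside-to-outside NAT shortcut described in the question, written for ASA 8.3+ syntax. This is an added example, not configuration from either poster or from the old firewall. Every object name, ACL name and address in it is a constructed placeholder, and it assumes the vendor only initiates connections toward the remote sites.

```cisco
! Added example: all names and addresses below are constructed placeholders.

! Let decrypted vendor traffic enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

! Vendor's monitoring network as it arrives over the vendor tunnel (placeholder).
object network VENDOR_NET
 subnet 192.0.2.0 255.255.255.0

! One address from a head-office range that every remote-site tunnel
! already permits in its crypto ACL (placeholder).
object network VENDOR_HIDE_IP
 host 10.10.10.250

! Remote-site networks reached over the 200+ tunnels (placeholder).
object-group network REMOTE_SITES
 network-object 172.16.0.0 255.255.0.0

! Vendor tunnel crypto ACL (hypothetical name): the local side has to list
! the remote sites, otherwise the vendor's packets never match the tunnel.
! The vendor needs the mirror of this entry on their end.
access-list VENDOR_CRYPTO extended permit ip object-group REMOTE_SITES object VENDOR_NET

! Hairpin NAT: hide the vendor source behind the head-office address and
! leave the destination untranslated. NAT is applied before the outbound
! crypto map lookup, so the translated packet matches the existing
! site-to-site crypto ACLs and nothing changes on the remote sites.
! Manual NAT is evaluated top-down, so this rule must sit above any
! broader rule that also matches traffic arriving on outside.
nat (outside,outside) source dynamic VENDOR_NET VENDOR_HIDE_IP destination static REMOTE_SITES REMOTE_SITES

! After vendor traffic is sent, the hit counters on this rule should rise:
show nat detail
```

Because the vendor is hidden behind an address the remote sites already trust, the interface ACL or VPN filter in front of this rule is the only place to restrict the vendor to the monitoring ports and hosts they actually need.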



