Showing results for 
Search instead for 
Did you mean: 

publishing a service over site-to-site VPN - Cisco ASA

Level 1
Level 1

Hi there 

I need to get the following scenario working and hope someone can help. 

I have two sites (A - and B- both have Cisco ASAs as their perimeter firewalls. They have site to site VPN configured between them. 

Site B has a web server ( in it's internal network. The web service (https) hosted on this server is not available via the Internet but it can be accessed from Site A via the S2S vpn. What I'm trying to do is provide access from internet, to this web service (that's hosted in site-B) using the public IP address of SITE-A. So Internet uses should be able to access this web service by using the . This request will hit the ASA at site-A, get translated/directed to over the VPN tunnel. 

Is this possible ? 

I have attached a diagram for the setup. 

Just some notes:

I have already tested with solutions via anyConnect VPN, ssl VPN and those work. But want avoid using any remote access VPN for this. 

Site A only has a Single public IP. 



2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

I'm not sure you can do that since the public IP of the random Internet-based client would never match the crypto map ACL that's used to determine what traffic is interesting for the VPN to encpasulate at Site A.

You could publish the server via site B ASA's public IP address (using something other than 443 of that's already in use there).

Thanks for your reply Marvin. Site B does't want to publish that server directly via there IP address (due to some non technical reason).

Also the users connecting from internet will only have coming from specific (known) public IPs. 

I'm going to set this up in a lab and see if it works. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: