04-08-2014 12:04 AM
Hi,
I have an ASA 5580 to do site-to-site VPN with our partner. The VPN connection goes through my outside interface, and the local LAN for the VPN is from the outside interface too. Is it possible to do it? Thanks.
04-08-2014 06:14 AM
The layout you describe is contrary to the fundamental firewall concept of establishing trusted and untrusted (higher and lower security level) interfaces.
If your local LAN is on the outside interface, what is to stop the remote users from simply accessing it directly?
04-09-2014 07:38 PM
Dear Marvin,
Thanks for your advice.
After I changed the local LAN to another interface on the firewall, the problem was resolved.
The request is to connect a remote LAN that is using public IPs and a local LAN that is using private IPs (cannot NAT to public IP for technical reasons). That's why we thought to establish a VPN tunnel between them.
I found another way to resolve it but never tried it since the problem is resolved.
———————————————————————————————————————————————————————————
http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/s1.html#wp1383263
The same-security-traffic intra-interface command lets traffic enter and exit the same interface, which is normally not allowed. This feature might be useful for VPN traffic that enters an interface, but is then routed out the same interface. The VPN traffic might be unencrypted in this case, or it might be reencrypted for another VPN connection. For example, if you have a hub and spoke VPN network, where the security appliance is the hub, and remote VPN networks are spokes, for one spoke to communicate with another spoke, traffic must go into the security appliance and then out again to the other spoke.
———————————————————————————————————————————————————————————
Anyway, thanks again for your advice. :-)