Site to Site VPN with Authentication for Network Access (cut-through-proxy)

kai-netpro
Level 1

We have a site-to-site VPN from an external supporter to an ASA5516 running 9.8(4). Traffic from inside to the external supporter should be allowed (traffic to an external monitoring system), but we would like to authenticate every connection from the external supporter to inside systems with OTP authentication (RADIUS).

We successfully tested cut-through proxy with a listener port without a VPN:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113363-asa-cut-through-config-00.html

We weren't able to configure cut-through proxy with a site-to-site VPN: we couldn't reach/configure the listener port through the VPN tunnel and we weren't able to authenticate sessions.

 

Is it possible to combine a site-to-site VPN with cut-through proxy authentication?

Is there another way to control (authenticate) traffic with a site-to-site VPN?

Thanks in advance.

1 Reply

mcabrejo
Cisco Employee

Hi Kai, were you able to find out if this is possible? In my case I need to do a B2B VPN tunnel, and CTP thereafter.