03-03-2020 01:19 AM
Hello Everyone,
I have something I cannot wrap my head around, and let’s see if you can help me out,
We have two clustered ASA 5516, running 3 “main” interfaces; Outside, Inside and Clients.
Inside is running the management, hosts, routers, switches, and FWS.
On Clients, we are running different subinterfaces, one per client, one private C-net and each in their VLAN. Works perfectly.
GigabitEthernet1/3.170
GigabitEthernet1/3.171
GigabitEthernet1/3.172
etc
Clients are connecting through VPN Clients from outside or distant offices, (some on site-to-site from ASA 5506). Works perfectly.
From inside, we cannot connect to any of the above client subnets over VPN, since we are already on the inside. We do not want to route the full network, so all can access, nor do we want to “enable traffic between two or more interfaces on the same security levels”, which seems to do the same: all access.
The best way would be to allow VPN access from inside, is that even possible?
Or am I missing something crucial here?
Thanks in advance,
Cheers
Anders
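As an added illustration of the alternative the post is weighing (not from the thread, and not the poster's real configuration): scoping Inside-to-Clients access with an interface ACL instead of routing everything or permitting all same-security traffic. Interface names, VLANs, addresses and the object names are assumptions; it also assumes Inside sits at a higher security level than the client subinterfaces, so that only the ACL decides what gets through.

```cisco
! Added example, not the thread's configuration. All names and addresses are
! assumed placeholders.
interface GigabitEthernet1/2
 nameif Inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet1/3.170
 vlan 170
 nameif client170
 security-level 50
 ip address 192.168.170.1 255.255.255.0
!
! One management host may reach client 170's subnet; every other Inside host
! is explicitly denied (and logged) towards all client VLANs. The final
! permit keeps ordinary Inside -> Outside traffic unchanged.
object network MGMT_HOST
 host 10.10.0.50
object network CLIENT170_NET
 subnet 192.168.170.0 255.255.255.0
object-group network CLIENT_NETS
 network-object 192.168.170.0 255.255.255.0
 network-object 192.168.171.0 255.255.255.0
 network-object 192.168.172.0 255.255.255.0
!
access-list INSIDE_IN extended permit ip object MGMT_HOST object CLIENT170_NET
access-list INSIDE_IN extended deny ip any object-group CLIENT_NETS log
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface Inside
```

If Inside and the client subinterfaces share a security level, the same ACL still scopes access, but `same-security-traffic permit inter-interface` is then needed in addition, since the ACL rather than the security level is what limits it to one host and one subnet.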
03-03-2020 08:16 AM
Hi,
It's not clear what you're trying to achieve: "From inside, we cannot connect to any of the above client subnets over VPN, since we are already on the inside. We do not want to route the full network, so all can access, nor do we want “enable traffic between two or more interfaces on the same security levels”, seems to do the same, all access."
Better said, who needs to be able to speak with whom, and under what restrictions?
Regards,
Cristian Matei.