01-30-2012 11:28 AM
Hi Folks,
This evening I tried mocking up a design to create a VPN across our Corporate Network from the Outside Interface of a Cisco ASA 5505 (Remote Site) to the Inside Interface of an ASA 5510 (Local Site).
However, because I was trying to communicate with the Inside Interface of my local Firewall and then have the traffic pass back OUT that interface, every single packet (Pings & the VPN traffic) was being denied due to IP Spoofing Errors.
I checked and the Anti-Spoofing on all my Interfaces is currently turned off.
I understand that setting up a VPN to the Inside Interface is rather unorthodox, but in this situation it's necessary because, although the remote site is "Corporate" so to speak, they are a different subsidiary of our company and can't be allowed to view any of the information that I want to send over the tunnel.
All I can think of at present is that I'm going to have to set up another Sub-Interface alongside the Inside and then route the traffic back out that somehow.
Any ideas would be appreciated and I can put up censored configs/drawings if required.
Thanks
Ewan
01-31-2012 12:09 AM
I don't think there should be any issue configuring the inside interface for VPN. Please post your configuration and also mention what you are trying to access.
01-31-2012 12:58 AM
Thanks for your response, Ajay. I have been given the following solution (a post on an incorrect board), which I'm going to trial on Saturday in the lab, but please review in the meantime:
Create a new network segment inside your network (such as an extranet setup), then create a policy-based static NAT to the inside interface on the ASA (local) with an ACL.
Your remote VPN tunnel peer's interesting traffic identifier ACL will include your local inside address as interesting traffic; when that particular traffic hits your FW (local), it will static translate to the new extranet subnet you created.
As far as your remote VPN peer is concerned, that remote VPN peer sees only your inside (local) address on the VPN tunnel.
Thanks
Ewan