I want to use AAA, Syslog, TFTP and DHCP relay services on a Cisco ASA 5520 (branch office) connected through a VPN IPSec Site-to-Site tunnel
with a Cisco ASA 5520 at our central site. I set up the VPN site-to-site tunnel as described in the documentation.
The inside interface from the branch office ASA is configured as the management interface:
asa-remote-office(config)# management-access inside
I can connect via SSH/HTTPS to the inside interface (branch office) through the site-to-site tunnel when I come from the central site network.
No problem and it works!
On the remote site I can ping the DHCP, Syslog, TFTP and Cisco Secure ACS (AAA) servers from the inside interface (source), so the VPN tunnel is up.
Also I permitted all IP traffic through the tunnel for the sake of convenience.
My problem now is: how can I configure the remote ASA to use the AAA, Syslog, TFTP and DHCP relay services at our central site (through the VPN tunnel)?
By the way, I don't want to bind these services to the outside interface as described in
The inside interface IP of the ASA should be the source of this traffic!!! Using the outside interface IP would not work functionally because the ASA 5520 on the central side is attached to another ASA 5540 main firewall and I cannot route the external outside IP (from the branch office ASA) through the ASA 5540 (in case no site-to-site tunnel can be established between the two ASA 5520s).
Does anyone have experience with such a constellation?
Is there a configuration example with centralized services (AAA, Syslog, TFTP, DHCP etc.) through an IPSec site-to-site tunnel?
Thanks in advance!