I have 2 Cisco Pix(Pix1, Pix2) 515E(8.0.4). Between these devices exist L2L VPN, which are configured on outside interfaces. On Pix2 I configured remote access VPN on outside interace, too.
Is it possible to reach LAN behind Pix1, by using remote access VPN on Pix2 and then L2L VPN?
I don't want to configure remote access on Pix1.
nat (oustide) 1 184.108.40.206 255.255.255.0 ( PAT for RA vpn for internet access if u r doing full tunnel)
This is simply because I configured RA tunnel as full tunnel instead of split,nat (oustide ) 1 allows RA pool 220.127.116.11 have internet access through your ASA_SITE_B firewall and be translated with global ID 1 which is your outside interface of SA_SITE_B firewall. This has nothing to do with what you are trying to accomplish but I posted it since it was part of very common scenario. there are some instances for example in PIX 6.3 where you will need split tunnel so that the RA users can have internet access not going through the encrypted tunnel, code 6.0 does not support intra-interface feature but code 7.x above does. Other examples are some folks configure split RA tunnel for RA user be able to access their local resources in their homes like network printers etc..
It is therefore, I need to translate RA pool to 172.27.1.0/24?
no there is no address translation in place in this working scenario and you do not need to translate anything as long there is no overlapping networks in any of the SITES u do not need to translate, this scenario is completely nonat exempt as you are doing nat exempt access lists in both firewalls for the Networks involved in communicating through ASA_SITE_B tunnels.
Because, I want to see on PIX_SITE_A only IP addresses from 172.27.1.0/24, not 18.104.22.168/24. Is it possible to do it this way?
Im not clear on this question but if I think what it means it is possible but you will need to do Policy NATing but I think this will make configuration complicated , I would suggest to make this as simple as you can.
PLS rate any helpful posts if it helped