RA VPN via L2L

Mar 2nd, 2009

Hi,

Can you help me find a sample configuration of the setup below?

I have 3 ASA FWs. FW1 and FW2 are configured with L2L VPN. Now, a third ASA, FW3, has an "outside" IP address that is on the same network as the LAN of FW2 (private IP). FW3 doesn't have a public IP address. How can I set up a host behind FW1 to connect to FW3 via remote access VPN, given that FW3 is only connected to FW2 (no internet)?

Thanks!

JamesLuther Tue, 03/03/2009 - 02:07

Hi Patricia,

Do you need the data to be encrypted from FW2 to FW3?

You can do this by setting up a one-to-one NAT on FW2 for the outside IP of FW3. You then use the client VPN to connect through and ignore the existing L2L tunnel.

Or you could use the existing L2L tunnel and set up a new L2L VPN tunnel between FW2 and FW3 and let FW2 do VPN re-routing.

Regards
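
The one-to-one NAT option described in the reply above, sketched as an added configuration example that is not part of the original thread or any poster's own config. It assumes pre-8.3 ASA NAT syntax, interface names `inside` and `outside`, a hypothetical ACL name `OUTSIDE_IN`, and constructed documentation addresses: 203.0.113.3 as a spare public IP routed to FW2, 192.168.2.3 as FW3's outside address on FW2's LAN, and 198.51.100.1 as the public address that hosts behind FW1 are translated to.

```cisco
! ----- FW2 (holds the public address; all values below are constructed) -----
! One-to-one static NAT: spare public IP <-> FW3's "outside" IP on FW2's LAN
static (inside,outside) 203.0.113.3 192.168.2.3 netmask 255.255.255.255

! Allow only IPsec remote-access traffic to the translated address, and only
! from FW1's public address rather than from any source.
! If an ACL is already applied to the outside interface, add these entries to
! that ACL instead of binding a new one.
access-list OUTSIDE_IN extended permit udp host 198.51.100.1 host 203.0.113.3 eq isakmp
access-list OUTSIDE_IN extended permit udp host 198.51.100.1 host 203.0.113.3 eq 4500
access-list OUTSIDE_IN extended permit esp host 198.51.100.1 host 203.0.113.3
access-group OUTSIDE_IN in interface outside

! ----- FW3 (remote access VPN headend, now reached through NAT) -----
! Default route back through FW2's inside interface (192.168.2.1, constructed)
route outside 0.0.0.0 0.0.0.0 192.168.2.1
! NAT traversal so IPsec is carried in UDP 4500 across FW2's translation
crypto isakmp nat-traversal 20
```

The VPN client behind FW1 then targets 203.0.113.3. That destination must stay out of the FW1-FW2 L2L crypto ACL so the session bypasses the existing tunnel, as the reply describes.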

patricia20 Tue, 03/03/2009 - 18:43

Hi Andrew/James,

Thanks for your replies. :)

I tried to configure FW3 with standard remote access VPN. Its "outside" is assigned an IP address that is on the same network as FW2's LAN. I pointed my default route to the inside of FW2. This seems to be working fine.

Sorry if this setup confused you. But this is not the complete design. This is just one part.

Ta,

Patricia
