RA VPN via L2L

Unanswered Question
Mar 2nd, 2009
User Badges:


Can you help me find a sample configuration of the setup below?

I have 3 ASA FWs. FW1 and FW2 are configured with L2L VPN. Now, a third ASA, FW3, has an "outside" IP address that is of the same network of the LAN of FW2 (private IP). FW3 doesn't have a public IP address. How can I setup a host from behind FW1 to connect to FW3 via remote access VPN? Given that FW3 is only connected to FW2 (no internet).


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JamesLuther Tue, 03/03/2009 - 02:07
User Badges:
  • Silver, 250 points or more

Hi Patricia,

Do you need the data to be encrypted from FW2 to FW3??

You can do this by setting up a one-to-one NAT on FW2 for the outside IP of FW3. You then use the client VPN to connect through and ignore the existing L2L tunnel.

Or you could use the existing L2L tunnnel and setup a new L2L VPN tunnel between FW2 and FW3 and let FW2 do VPN re-routing.


patricia20 Tue, 03/03/2009 - 18:43
User Badges:

Hi Andrew/James,

Thanks for your replies. :)

I tried to configure FW3 with standard remote access VPN. It's "outside" is assigned with an IP address that is on the same network of FW2's LAN. I pointed my default route to the inside of FW2. This seems to be working fine.

Sorry if this setup confused you. But this is not the complete design. This is just but one part.




This Discussion