Can an ASA be set up to allow an IPsec LAN-to-LAN VPN to terminate on an interface, as well as forward the traffic back out the same interface? I've got 2 ASAs. One faces the internet, referred to as the "internet firewall", and allows ISAKMP and ESP via an ACL on its outside interface (sec level 0) through it. It passes the IPsec traffic out its "vpn dmz" interface (sec level 25) to the "VPN" interface (sec level 0) of the "VPN firewall" that sits behind it. This VPN interface is the only active interface on this firewall. I want the LAN-to-LAN tunnel to terminate on this interface, at which point the decrypted traffic goes right back out the "vpn" interface, right back to the "vpn dmz" interface of the internet firewall. From there it gets routed out another "inside" interface destined for the internal network. I've got the "same-security-traffic permit intra-interface" command on both. No NATing will be taking place. Will this solution work?