Hi, I have a network with a Juniper SSL box, which connects to an ASA5510 DMZ port, where the outside of the ASA is the same as the outside of the SSL VPN box.
Accessing the internal network has no issues at all.
Now I need remote users to SSL VPN to the Juniper box and internally connect to my remote sites, which takes the client connection via the internet router again (through a Cisco site-to-site IPSec VPN) to the remote site.
Can this be done? My gut feeling is "yes, it can be done".
Currently I am getting nowhere; I don't get any ASA DMZ ACL hits if I try to access remote site resources from the SSL VPN client.
Any help would be appreciated
Yes, in that case, if you are not doing any NATing, then you would need to configure NAT exemption on both the ASA and the router. Otherwise, the crypto ACL will not match, which will not trigger the tunnel/SA to be created for the LAN-to-LAN IPSec tunnel.
Shouldn't be a problem.
On the Juniper SSL, you would need to check if routes have been added for the remote IPSec LAN to point towards the ASA DMZ interface IP address instead of pointing out towards the internet via the Juniper SSL box.
You would need to configure NAT exemption on the ASA box between the SSL pool subnet towards the remote IPSec LAN. Further to that, you would also include the SSL subnet towards the remote LAN subnets in the crypto ACL, and a mirror image ACL on the remote site crypto ACL.
Hope that helps.
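The ASA and remote-router pieces described in the answer above, written out as an added example (not configuration from either poster). All addresses, object names, interface names and crypto map names are constructed placeholders: 10.200.0.0/24 is assumed to be the pool the Juniper hands to SSL VPN clients, 10.10.0.0/16 the ASA inside LAN already in the tunnel, 10.30.0.0/16 the remote-site LAN, and 192.168.50.2 the Juniper's DMZ-facing address. The ASA part uses 8.3+ NAT syntax; pre-8.3 would use `nat (dmz) 0 access-list <nonat-acl>` instead.

```cisco
! ---- ASA 5510 (8.3+ syntax), constructed example ----
! Objects for the SSL VPN client pool and the remote-site LAN
object network SSL_POOL
 subnet 10.200.0.0 255.255.255.0
object network REMOTE_LAN
 subnet 10.30.0.0 255.255.0.0
!
! Return route: the pool lives behind the Juniper on the DMZ (assumed 192.168.50.2)
route dmz 10.200.0.0 255.255.255.0 192.168.50.2
!
! NAT exemption (identity NAT) so pool-to-remote traffic keeps its real addresses
! and can match the crypto ACL on the way out
nat (dmz,outside) source static SSL_POOL SSL_POOL destination static REMOTE_LAN REMOTE_LAN no-proxy-arp route-lookup
!
! Crypto ACL for the existing LAN-to-LAN tunnel: keep the inside LAN entry, add the pool
access-list L2L_REMOTE extended permit ip 10.10.0.0 255.255.0.0 object REMOTE_LAN
access-list L2L_REMOTE extended permit ip object SSL_POOL object REMOTE_LAN
crypto map OUTSIDE_MAP 10 match address L2L_REMOTE
!
! DMZ interface ACL must permit the pool to reach the remote LAN
access-list DMZ_IN extended permit ip object SSL_POOL object REMOTE_LAN
access-group DMZ_IN in interface dmz
!
! Verification (run from enable mode, not part of the config):
! packet-tracer input dmz tcp 10.200.0.5 1025 10.30.1.10 445
! show crypto ipsec sa
!
! ---- Remote-site IOS router, constructed example ----
! Mirror image of the ASA crypto ACL (source/destination swapped)
ip access-list extended L2L_HQ
 permit ip 10.30.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 permit ip 10.30.0.0 0.0.255.255 10.200.0.0 0.0.0.255
!
! NAT exemption: deny the tunnel destinations before the overload permit
ip access-list extended NAT_INSIDE
 deny   ip 10.30.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 deny   ip 10.30.0.0 0.0.255.255 10.200.0.0 0.0.0.255
 permit ip 10.30.0.0 0.0.255.255 any
ip nat inside source list NAT_INSIDE interface GigabitEthernet0/0 overload
!
crypto map HQ_MAP 10 ipsec-isakmp
 match address L2L_HQ
```

The `packet-tracer` line is the quickest way to confirm the answer's two conditions at once: its output shows whether the DMZ ACL permits the flow (the OP reported no hits), whether the identity NAT rule is the one selected, and whether the VPN phase matches the crypto map. If the trace passes but the pool still cannot reach the remote site, the missing piece is usually the route on the Juniper for 10.30.0.0/16 via the ASA DMZ address rather than its default route to the internet.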