I have attached a simple diagram of the setup. I want to set up an IPSec site-to-site VPN between the branch office and the head office (LAN). Both sites have an ASA5520, and I was able to set up a VPN tunnel between the branch office and the LAN, but without the Linux firewall in place.
We put a Linux firewall in place as an additional security layer. The Linux firewall is connected to the ASA inside interface. How can I allow VPN traffic to the inside LAN?
If servers on the DMZ want to access servers on the LAN, we have created a static NAT rule as below:
static (inside,dmz) 10.10.10.2 172.16.9.2 netmask 255.255.255.255
We then create an access-list followed by an access-group, and then on the Linux firewall we open the necessary ports. Do I have to apply this same procedure to the VPN setup?