I have a case with a customer who has a cluster of two ASA 5510 running 8.4.7.
Until now the remote access clients through IPsec tunnel were communicating
with the internal network of Site A: 18.104.22.168/24.
Now the customer would like the clients connected to Site A with an IP address in the
pool 192.168.1.1-100 to also be able to communicate with the internal network of Site B: 172.16.1.0/24.
- So first I think that by adding the 'reverse route' I will have the return route on Site A for the VPN pool addresses:
crypto dynamic-map DynoMap 10 set reverse-route
- Then I have to add the 192.168.1.0 network to the current NAT command:
nat (inside,outside) source static 22.214.171.124 126.96.36.199 destination static 172.16.1.0 172.16.1.0 no-proxy-arp
- and modify the current access-list:
access-list outside_cryptomap extended permit ip 188.8.131.52 172.16.1.0
The connections will only be initiated from Site A, so on Site B I just have to ask the administrator
to indicate how to reach network 192.168.1.0 through the outside interface IP address of Site A.
Does what I propose make sense, or is there a more suitable solution?
It would be easier if the remote clients could directly connect to Site B, but that isn't authorized.