Please don’t take this the wrong way, but could you get a colleague of yours to write the problem description in the near future? This is because I’m trying very hard to understand your problem here and assist you further. No worries bro, you rock :-)
Please do correct me if I’m wrong. What you’re trying to achieve here is, from all 4 of your remote sites, you want to have redundant IPsec VPN tunnels, i.e. a primary VPN tunnel to Cisco Router#2 and a secondary VPN tunnel to the Cisco Firewall. If yes, then this setup cannot be achieved. In other words, it’s not possible for the same remote site's LAN network address to coexist on both devices.
Here’s what I would suggest you do. Make both your Cisco Router#1 and Cisco Router#2 the VPN servers, running Cisco DMVPN. With this setup, all 4 of your remote sites will have 2 GRE over IPsec ACTIVE/ACTIVE VPN tunnels to your HQ, and the redundancy would be seamless.
With this setup, all LAN users behind the Cisco Firewall 172.18.XXX.XXX will still be able to access the Internet and all 4 of your remote sites. Your Cisco Firewall will then be doing pure Firewalling.
P/S: If you think this comment is useful, please do rate it nicely :-)
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department
You have 2 Internet/WAN links terminated on the single firewall, right?
You are already running S2S VPNs on your firewall with ISP 1. Now, if you connect your ISP 2 to the same firewall, you want to use the same LAN ranges to have the S2S VPN connected to different clients.
Yes, you can do that. But I feel the firewall will not do much routing. So that is not the best idea.
Using the LAN IP range for a different purpose can be done. Make sure that you have a specific route to connect with the client as well:
route outside1 22.214.171.124 255.255.255.0 124.x.x.8
Do this for all the destination VPN site peers as well. This will make it complex, but it will work.