
URL Access required over Remote VPN

ray_stone
Level 1

Hello Experts,

We have two ASA firewalls (model 5510): one is being used for Remote VPN connections and the second one is for the STS Tunnel with our customers. Both firewalls are connected to the internal switch, and our internal network is 192.168.73.0/24. The remote VPN firewall is connected to the switch using the network 192.168.20.0/24. The STS Tunnel firewall is connected to the internal switch using the same internal network 192.168.73.0/24.

Remote VPN Firewall Internal Inside IP : 192.168.20.2

Switch Internal IP connected with Remote VPN Firewall : 192.168.20.1

STS Tunnel Firewall IP connected with Switch : 192.168.73.1

Switch Internal IP connected with Switch : 192.168.73.155 (This is also the client's Gateway)

Remote VPN Pool : 192.168.10.0/24

The following routes are added on remote VPN firewall to access the 192.168.73.0/24 network along with NAT exemption rule set at Inside Interface.

192.168.73.0 255.255.255.0 Pointed to 192.168.20.1

NAT Exemption Rule : 192.168.73.0/24 192.168.10.0/24 Permit

On Switch the routes are allowed:

192.168.10.0/24 pointed to 192.168.20.2

Default route pointed to 192.168.73.1

We have one STS Tunnel established with our customers to have access to URLs, which is working from internal machines, and now we want the URLs to be accessible through remote VPN for users.

Let's say the URL IP is 1.1.1.1.

According to me, I would add a route pointed to the switch (1.1.1.1/32 to 192.168.20.1) on the remote VPN firewall along with a NAT exemption rule (1.1.1.1 to 192.168.10.0/24 Permit). No changes are required on the switch. Add the subnet (192.168.10.0/24) to the interesting traffic access list on the STS Tunnel firewall and add a reverse route pointed to the switch (192.168.10.0/24 to 192.168.73.155). I hope this config will work.

Please provide your inputs on this and an alternative solution in case we don't make changes on the STS firewall. Can it be done by doing some NATTING on the remote VPN firewall? What I mean here is to do Policy NAT and convert the source IP (192.168.10.x) to (192.168.73.x) so that we don't have to make the changes on the STS Tunnel firewall.

Please confirm if it's possible.

Thanks
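
The routes and the interesting-traffic change proposed in this post can be sanity-checked with a small hop-by-hop trace. This is an added example, not part of the original post: the device names, the 192.168.10.5 client address and the assumption that the STS crypto ACL currently matches only 192.168.73.0/24 as source are illustrative, and NAT exemption is not modelled.

```python
import ipaddress

# Routes from the post (existing and proposed). Device names and the
# VPN_CLIENT / TUNNEL markers are labels made up for this sketch.
TABLES = {
    "ra_fw": [("192.168.10.0/24", "VPN_CLIENT"),  # remote VPN pool
              ("192.168.73.0/24", "switch"),      # existing, via 192.168.20.1
              ("1.1.1.1/32", "switch")],          # proposed, via 192.168.20.1
    "switch": [("192.168.10.0/24", "ra_fw"),      # existing, via 192.168.20.2
               ("0.0.0.0/0", "sts_fw")],          # existing default, via 192.168.73.1
    "sts_fw": [("192.168.10.0/24", "switch"),     # proposed, via 192.168.73.155
               ("1.1.1.1/32", "TUNNEL")],         # customer URL over the STS tunnel
}
CRYPTO_BEFORE = ["192.168.73.0/24"]                 # assumed current interesting sources
CRYPTO_AFTER = CRYPTO_BEFORE + ["192.168.10.0/24"]  # with the VPN pool added


def next_hop(device, dst, tables):
    """Longest-prefix match on one device; None when no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in tables[device]
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def trace(start, src, dst, crypto_sources, tables=TABLES):
    """Follow a packet hop by hop and return the list of hops taken."""
    path, device = [start], start
    while device in tables:
        if len(path) > len(tables) + 1:
            return path + ["LOOP"]
        hop = next_hop(device, dst, tables)
        if hop is None:
            return path + ["NO_ROUTE"]
        if hop == "TUNNEL" and not any(
                ipaddress.ip_address(src) in ipaddress.ip_network(n)
                for n in crypto_sources):
            hop = "NOT_INTERESTING"  # source not matched by the crypto ACL
        path.append(hop)
        device = hop
    return path


if __name__ == "__main__":
    client = "192.168.10.5"  # constructed VPN client address
    print(trace("ra_fw", client, "1.1.1.1", CRYPTO_AFTER))   # forward path
    print(trace("sts_fw", "1.1.1.1", client, CRYPTO_AFTER))  # return path
    print(trace("ra_fw", client, "1.1.1.1", CRYPTO_BEFORE))  # ACL not updated
```
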


ray_stone
Level 1

Can somebody please respond?
