We have two ASA firewalls (model 5510): one is being used for Remote VPN connections and the second one is for the STS Tunnel with our customers. Both firewalls are connected to an internal switch, and our internal network is 192.168.73.0/24. The remote VPN firewall is connected to the switch using the network 192.168.20.0/24. The STS Tunnel firewall is connected to the internal switch using the same internal network, 192.168.73.0/24.
Remote VPN Firewall Internal Inside IP : 192.168.20.2
Switch Internal IP connected with Remote VPN Firewall : 192.168.20.1
STS Tunnel Firewall IP connected with Switch : 192.168.73.1
Switch Internal IP connected with Switch : 192.168.73.155 (This is also the client's Gateway)
Remote VPN Pool : 192.168.10.0/24
The following routes are added on the remote VPN firewall to access the 192.168.73.0/24 network, along with a NAT exemption rule set on the Inside Interface.
192.168.73.0 255.255.255.0 Pointed to 192.168.20.1
We have one STS Tunnel established with our customers to give access to URLs, which is working from internal machines, and now we want the URLs to be accessible to users through the remote VPN.
Let's say the URL IP is 18.104.22.168.
According to me, I would add a route pointed to the switch (22.214.171.124/32 to 192.168.20.1) on the remote VPN firewall along with a NAT exemption rule (126.96.36.199 to 192.168.10.0/24 Permit). No changes are required on the switch. Add the subnet (192.168.10.0/24) to the interesting traffic access list on the STS Tunnel firewall and add a reverse route pointed to the switch (192.168.10.0/24 to 192.168.73.155). I hope this config will work.
Please provide your inputs on this, and an alternative solution in case we don't make changes on the STS firewall. Can it be done by doing some NATTING on the remote VPN firewall? What I mean here is to do Policy NAT and convert the source IP (192.168.10.x) to (192.168.73.x) so that we don't have to make changes on the STS Tunnel firewall.
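The route and interesting-traffic changes proposed in the post can be sanity-checked offline with a small model of the three devices. This is an added example, not part of the original post and not ASA configuration; the URL address (203.0.113.10), the client address, the default routes and the switch's existing routes are assumptions, and NAT and the customer's side of the tunnel are not modelled.

```python
import ipaddress as ip

URL_IP = ip.ip_address("203.0.113.10")   # placeholder documentation address (assumption)
CLIENT = ip.ip_address("192.168.10.25")  # constructed address from the remote VPN pool

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    hits = [(ip.ip_network(p), nh) for p, nh in routes if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def in_crypto_acl(acl, src, dst):
    """True if src->dst matches a (local, remote) pair of the interesting-traffic ACL."""
    return any(src in ip.ip_network(l) and dst in ip.ip_network(r) for l, r in acl)

def check(rvpn_routes, switch_routes, sts_routes, sts_acl):
    """Return the list of gaps on the VPN client <-> URL host path."""
    problems = []
    if next_hop(rvpn_routes, URL_IP) != "192.168.20.1":
        problems.append("remote VPN firewall: URL host not routed to the switch")
    if next_hop(switch_routes, URL_IP) != "192.168.73.1":
        problems.append("switch: URL host not routed to the STS firewall")
    if not in_crypto_acl(sts_acl, CLIENT, URL_IP):
        problems.append("STS firewall: VPN pool not in interesting traffic")
    if next_hop(sts_routes, CLIENT) != "192.168.73.155":
        problems.append("STS firewall: no return route to the VPN pool")
    if next_hop(switch_routes, CLIENT) != "192.168.20.2":
        problems.append("switch: no return route to the VPN pool")
    return problems

# Assumed existing switch routes (the post states the switch needs no changes).
SWITCH = [("192.168.10.0/24", "192.168.20.2"), ("203.0.113.10/32", "192.168.73.1")]

# Current state: only the 192.168.73.0/24 route and the internal subnet in the ACL.
BEFORE = dict(
    rvpn_routes=[("192.168.73.0/24", "192.168.20.1"), ("0.0.0.0/0", "outside")],
    switch_routes=SWITCH,
    sts_routes=[("0.0.0.0/0", "outside")],
    sts_acl=[("192.168.73.0/24", "203.0.113.10/32")],
)
# Proposed state: host route, VPN pool in the crypto ACL, reverse route via the switch.
AFTER = dict(
    rvpn_routes=BEFORE["rvpn_routes"] + [("203.0.113.10/32", "192.168.20.1")],
    switch_routes=SWITCH,
    sts_routes=BEFORE["sts_routes"] + [("192.168.10.0/24", "192.168.73.155")],
    sts_acl=BEFORE["sts_acl"] + [("192.168.10.0/24", "203.0.113.10/32")],
)

if __name__ == "__main__":
    print("before:", check(**BEFORE))
    print("after: ", check(**AFTER))
```

The model covers only routing and interesting-traffic coverage on the local devices; the customer's end of the tunnel must carry a matching entry for the VPN pool for the tunnel to pass this traffic.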