Is it possible to set up a VPN between a remote router and a headend VPN3000 whereby all traffic (traffic destined for the central office as well as traffic destined for the Internet) from the remote end comes in to the VPN3000?
That is, the remote router will not be split tunneling. I believe this scenario is possible in a router to router setup, but would like to know if it is possible in a router to VPN3000 setup.
This is the 3rd time I've answered this post and my browser keeps locking up when I try to post it, so if it doesn't work this time I give up :-)
Yes, you can do this. Put the Private filter on the Public interface, cause you'll have unencrypted packets coming from the Internet now. Add an Access Control List under the Admin section so that only your internal network can browse to your admin GUI just to be more secure.
On the router your crypto ACL will be something like:
> access-list 100 permit ip 10.1.1.0 0.0.0.255 any
On the 3000 put 0.0.0.0/255.255.255.255 and 10.1.1.0/0.0.0.255 as your Local and Remote Networks respectively in the L2L configuration.
Run 3.5 or higher on the 3000 cause older versions complained about the 0.0.0.0 as a network in the L2L section.
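Added example, not part of the original posts: in a LAN-to-LAN tunnel the two ends must describe the same traffic in mirror image, so this Python check parses the router's crypto ACL and the concentrator's Local and Remote Networks (address/wildcard form, as in the answer above) and reports any mismatch or a destination other than any. The function names are hypothetical; the first sample uses the values from the answer and the second is a constructed mistake.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Convert Cisco address + wildcard mask (set bits = "don't care") to a network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    bits = wc.bit_length()
    if wc != (1 << bits) - 1:
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    # strict=True rejects an address that has host bits set under the mask
    return ipaddress.ip_network(f"{addr}/{32 - bits}", strict=True)

def parse_acl_endpoint(tokens):
    """Consume one source or destination spec; return (network, remaining tokens)."""
    if not tokens:
        raise ValueError("ACL line ends before source/destination is complete")
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]

def parse_crypto_acl(line):
    """Parse 'access-list <n> permit ip <src> <dst>' into (source, destination)."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = parse_acl_endpoint(t[4:])
    dst, _ = parse_acl_endpoint(rest)
    return src, dst

def check_l2l(acl_line, local, remote):
    """local/remote are 'address/wildcard' strings as entered on the concentrator."""
    src, dst = parse_crypto_acl(acl_line)
    loc = wildcard_to_network(*local.split("/"))
    rem = wildcard_to_network(*remote.split("/"))
    problems = []
    if src != rem:
        problems.append(f"ACL source {src} != concentrator Remote Network {rem}")
    if dst != loc:
        problems.append(f"ACL destination {dst} != concentrator Local Network {loc}")
    if dst.prefixlen != 0:
        problems.append("ACL destination is not 'any': Internet traffic bypasses the tunnel")
    return problems

if __name__ == "__main__":
    acl = "access-list 100 permit ip 10.1.1.0 0.0.0.255 any"  # from the answer above
    print(check_l2l(acl, "0.0.0.0/255.255.255.255", "10.1.1.0/0.0.0.255"))
    # Constructed mistake: subnet-mask thinking turns "any" into the single host 0.0.0.0
    print(check_l2l(acl, "0.0.0.0/0.0.0.0", "10.1.1.0/0.0.0.255"))
```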