This evening I tried mocking up a design to create a VPN across our Corporate Network from the Outside Interface of a Cisco ASA 5505 (Remote Site) to the Inside Interface of an ASA 5510 (Local Site).
However, because I was trying to communicate with the Inside Interface of my local Firewall and then have the traffic pass back OUT that interface, every single packet (Pings & the VPN traffic) was being denied due to IP Spoofing Errors.
I checked and the Anti-Spoofing on all my Interfaces is currently turned off.
I understand that setting up a VPN to the Inside Interface is rather unorthodox, but in this situation it's necessary because, although the remote site is "Corporate" so to speak, they are a different subsidiary of our company and can't be allowed to view any of the information that I want to send over the tunnel.
All I can think of at present is that I'm going to have to set up another Sub-Interface alongside the Inside and then route the traffic back out that somehow.
Any ideas would be appreciated and I can put up censored configs/drawings if required.
Create a new network segment inside your network (such as an extranet setup), then create a policy-based static NAT to the inside interface on the ASA (local) with an ACL.
Your remote VPN tunnel peer's interesting-traffic ACL will include your local inside address as interesting traffic; when that particular traffic hits your FW (local), it will be statically translated to the new extranet subnet you created.
As far as your remote VPN peer is concerned, that remote VPN peer sees only your inside (local) address on the VPN tunnel.
"Just to confirm, I would create this Extranet on my Core (not the firewall) and add the Inside interface to the VPN ACL on the Local FW?"
An extranet network segment is required when you have an IP segment conflict or you do not want to advertise the remote segment on your internal cloud.
"I would then create a static NAT on the Local FW from my Inside Local Address to the Extranet when the source address is the Remote FW?"
No, it should be a policy static NAT, as shown below.
Static policy static NAT, on local FW as example below.