Currently I have my VPN working fine for external users, but would like to give access to my internal "Guest" users as well.
I know I can enable VPN on the inside interface, but the problem here is that my guests use Google's DNS servers, so my VPN record always points to the outside IP address. I don't want to be forced to set up a new DNS server just for this, or to use different DNS records for when the users are inside.
I would like to ask:
- How can I allow inside users to access the VPN through the outside IP address?
- Alternatively, how can I make the ASA rewrite Google's returned DNS record to my inside VPN address?
Firstly, what is the purpose of VPN within the inside network? Essentially, the traffic will only be encrypted towards the ASA, and traffic from the ASA back towards the internal resources is unencrypted anyway, and they are all within your internal network.
To answer your question:
- You can't VPN to the outside IP if you are connected to the inside interface of the ASA. You can however VPN to the inside interface of the ASA if required.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...