Cisco Support Community

EzVPN ASA headend to 1921 Remote in NEM mode, loopback?

Hi there,

I have a few 1921 EzVPN hardware remotes in Network Extension Mode tunneling to an ASA headend device.

Works fine.

The challenge is that the Zone Based Firewall in the routers has to define an Out-to-In zone-pair allowing traffic initiated from the head-end LAN.

That Out-to-In pair, to my understanding, is also allowing the same traffic coming in the outside interface itself.

So my Q is: Can I somehow terminate the tunnel on a loopback interface on the remote router and thereby distinguish between tunnel/outside incoming traffic in my ZBF config?

Do you have an example config for this or for another solution to this challenge?

Please ;-)

Rgds

Thomas
