Layer 2 Tunneling via a Site to Site VPN between two ASA5505
I got a problem with two ASA5505.
I have to connect two remote sites using an IPSec Tunnel (Site to Site VPN). The devices to be used are two Cisco ASA 5505. They have already been connected to the internet and configured and they can see and ping each other via the “outside” interface.
The point is that both networks behind the ASAs (inside interface) have to have the same network address band (Layer 2 Tunneling).
From my experience with routers and switches, I know that using normal routers it is possible to establish this kind of Layer 2 connection (with xconnect). I already did that several times. The problem is that I never had to do anything with the Cisco ASA firewalls.
Is it possible to do this? I have searched a lot and I fear it won't be possible.... :-(
Should it not be possible to do this L2T connection, is it somehow possible to configure both ASAs, one as VPN server and the other as VPN client, so that they establish an 'L2TP over IPSec' connection?
Site A - NAT - 192.168.1.0/24 (NAT IP Subnet for 10.0.0.0/24 in Site A)
Site B - LAN - 10.0.0.0/24 (Real IP Address)
Site B - NAT - 192.168.2.0/24 (NAT IP Subnet for 10.0.0.0/24 in Site B)
So instead of creating a crypto encryption domain between 2 sites with 10.0.0.0 to 10.0.0.0, you are creating it here with 192.168.1.0/24 to 192.168.2.0/24.
In this, from the site A 10.0.0.10 host, if you want to ping 10.0.0.10 @ site B, you will be pinging 192.168.2.10 (NAT IP). So when it traverses and hits the FW it will get translated to 10.0.0.10, and the same way vice versa.
So you do not need to change the IP address in reality; you are changing it with NAT and accessing it through a NATed IP segment.
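
The NAT scheme described in the reply above, sketched as an added example that is not part of the original thread. It assumes ASA software 8.3 or later (object-based twice NAT) and interfaces named `inside` and `outside`; the object and access-list names are hypothetical.

```cisco
! ===== Site A ASA =====
! Real LAN, the range it is presented as, and the range Site B is presented as
object network SITEA-REAL
 subnet 10.0.0.0 255.255.255.0
object network SITEA-NAT
 subnet 192.168.1.0 255.255.255.0
object network SITEB-NAT
 subnet 192.168.2.0 255.255.255.0
! Static 1:1 subnet translation (10.0.0.x <-> 192.168.1.x), applied only
! when the destination is Site B's NAT range; the destination is left as-is
nat (inside,outside) source static SITEA-REAL SITEA-NAT destination static SITEB-NAT SITEB-NAT
! Encryption domain is defined on the translated ranges, never on 10.0.0.0/24
access-list VPN-A-TO-B extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! ===== Site B ASA (mirror image) =====
object network SITEB-REAL
 subnet 10.0.0.0 255.255.255.0
object network SITEB-NAT
 subnet 192.168.2.0 255.255.255.0
object network SITEA-NAT
 subnet 192.168.1.0 255.255.255.0
! 10.0.0.x <-> 192.168.2.x, only toward Site A's NAT range
nat (inside,outside) source static SITEB-REAL SITEB-NAT destination static SITEA-NAT SITEA-NAT
access-list VPN-B-TO-A extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

! Packet walk for the ping in the reply:
!   Site A host 10.0.0.10 -> 192.168.2.10
!   Site A ASA rewrites source to 192.168.1.10; packet matches VPN-A-TO-B
!   Site B ASA rewrites destination 192.168.2.10 to 10.0.0.10
!   The reply follows the same translations in reverse
```

Each access list is the one referenced by that site's crypto map as the interesting-traffic match; the two must be exact mirrors of each other or the tunnel's phase 2 negotiation will not agree on the protected networks.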