Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RA VPN via L2L


Can you help me find a sample configuration of the setup below?

I have 3 ASA FWs. FW1 and FW2 are configured with L2L VPN. Now, a third ASA, FW3, has an "outside" IP address that is of the same network of the LAN of FW2 (private IP). FW3 doesn't have a public IP address. How can I setup a host from behind FW1 to connect to FW3 via remote access VPN? Given that FW3 is only connected to FW2 (no internet).



Re: RA VPN via L2L


I am wondering the reason for a RVPN from a host behind FW1 to traverse an encrypted VPN that terminates on FW2, to be forwarded onto FW3 for decryption....when 75% of the path is already encrypted between FW1 and FW2 and FW3 has no access to the internet?


Re: RA VPN via L2L

Hi Patricia,

Do you need the data to be encrypted from FW2 to FW3??

You can do this by setting up a one-to-one NAT on FW2 for the outside IP of FW3. You then use the client VPN to connect through and ignore the existing L2L tunnel.

Or you could use the existing L2L tunnnel and setup a new L2L VPN tunnel between FW2 and FW3 and let FW2 do VPN re-routing.


New Member

Re: RA VPN via L2L

Hi Andrew/James,

Thanks for your replies. :)

I tried to configure FW3 with standard remote access VPN. It's "outside" is assigned with an IP address that is on the same network of FW2's LAN. I pointed my default route to the inside of FW2. This seems to be working fine.

Sorry if this setup confused you. But this is not the complete design. This is just but one part.