Is it possible to use an ASA 5505 as a single-interface (inside only) L2L VPN endpoint?
Customer has a simple 192.168.1.0/24 LAN, with a gateway to the Internet. I'm allowed to install a 5505 to VPN on his LAN, no more. The idea is that the 5505 does L2L to the 10.0.0.0/8 at the central site (running a 5520) and on the clients an explicit route is set to 10.0.0.0/8 via the ASA (which has a fixed address on the 192.168.1.0/24 customer's LAN).
Will it work? The 5505 sends out IKEv1, NAT-T and stuff, but gets no reply, as nothing arrives on the 5520.
Connectivity to the 5520 is working, as I can AnyConnect and EasyConnect to it from the same LAN (with my PC and another 5505 with regular inside and outside, of course).
As a plus, but only to be implemented once the VPN works, I would like to later NAT the customer's LAN in order to present it to the central site as something more coherent with our numbering plan. I've done it before, but not with a single interface. Any caveats?
Do you mean to say that the ASA 5505 @ customer site will have only a single interface? You will just be having the inside interface alone, with no other interfaces configured, and you want to make the L2L connection from central site to customer site using a single interface @ one end? All you need is that the traffic from the central site should reach the customer site, and you want to have in and out through the same interface?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...