I have a little VPN design problem (check the attached JPEG).
I need to set this up so that the VPN users have full access to the public servers. They are protected by the transparent firewall that only allows access to certain ports. The servers have the ISP router as their gateway. This shouldn't be a problem, but I'm struggling to wrap my head around this.
I'm thinking the simplest way would be to configure remote VPN as normal and turn off split tunneling. There's no requirement on blocking outgoing traffic, so in theory the VPN traffic should go straight to the servers and not bounce in the ISP router, since the ASA and the servers are connected to the same switch.
Does this sound reasonable, or is this a stupid way to go about it? Any examples of how I can achieve this? The ASA is replacing an old VPN solution that assigns VPN users public IPs in the same range as the servers, so I can't really redesign the whole network like I would want.
I was thinking that I wouldn't have to, since the ASA and the switch are connected to the same switch behind the transparent firewall and they are all in the same subnet. Outgoing traffic was going to be NATed to the public IP on the ASA, which is in the same subnet as the servers. Maybe that doesn't work and a static route like you suggested is a better solution.