This evening I tried mocking up a design to create a VPN across our Corporate Network from the Outside Interface of a Cisco ASA 5505 (Remote Site) to the Inside Interface of an ASA 5510 (Local Site).
However, because I was trying to communicate with the Inside Interface of my local Firewall and then have the traffic pass back OUT that interface, every single packet (Pings & the VPN traffic) was being denied due to IP Spoofing Errors.
I checked and the Anti-Spoofing on all my Interfaces is currently turned off.
I understand that setting up a VPN to the Inside Interface is rather unorthodox, but in this situation it's necessary because, although the remote site is "Corporate" so to speak, they are a different subsidiary of our company and can't be allowed to view any of the information that I want to send over the tunnel.
All I can think of at present is that I'm going to have to set up another sub-interface alongside the Inside and then route the traffic back out that somehow.
Any ideas would be appreciated and I can put up censored configs/drawings if required.
Thanks for your response, Ajay. Have been given the following solution (a post on an incorrect board) which I'm going to trial on Saturday in the lab, but please review in the meantime:
Create a new network segment inside your network (such as an extranet setup), then create a policy-based static NAT to the inside interface on the ASA (local) with an ACL.
Your remote VPN tunnel peer's interesting-traffic identifier ACL will include your local inside address as interesting traffic; when that particular traffic hits your FW (local), it will be statically translated to the new extranet subnet you created.
As far as your remote VPN peer is concerned, that remote VPN peer sees only your inside (local) address on the VPN tunnel.