Nat (inside,outside) source static inside inside destination static branch1 branch1 Same-security-traffic permit intra-interface !- this line allows the reverse tunnel (hairpin) between different tunnels ![]() Central ASA VPN hub – Easy VPN server hostname VPNHUB Network diagramĮxternal users can connect to a central location using Cisco VPN Client to be redirected to remote locations, literally hairpinning one vpn tunnel into another, this will be described later in further detail. The choice of the correct devices for any remote location goes far beyond the scope of this text, we prefer to focus instead on the most interesting configuration details to understand how our goals were translated into Cisco nuts and bolts. define a single entry point for the whole VPN, pointed by external users to reach any remote location.not being constrained by the availability of static ip addresses or nat-free uplinks.provide remote locations with a redundant uplink to make highly available the vpn tunnel.It is common to find this kind of difficulties, they could be remote offices in developing countries or industrial plants where the IT infrastructure was not conceived from the beginning to be managed from a central location. This kind of network may be useful to manage constrained network contexts where remote branches might not have static public IP addresses available, or even worse where our devices might be placed behind third-party network boxes making some kind of NAT toward the public Internet. ![]() This article is a short tutorial, written to provide a working example of a VPN configuration where the central hub is run by a Cisco ASA firewall and remote devices are either Cisco ASA firewalls or IOS routers, all of them behaving as Easy VPN hardware clients.
0 Comments
Leave a Reply. |