Hello folks,
In order to improve security across our multiple sites, I've established a VPN tunnel between our office gateway and a server rack at a secondary site.
Previously, I had an IP restriction policy and all the allowed traffic was through TCP (although some was unencrypted). What we used to do when we had to work on the remote site from home was connect via road warrior VPN (IPSec or SSL) and then connect to the other site: the NAT would translate our VPN Pool IP to the site 1 gateway and the packet filter rul at the other end would allow it. Here is the schema:
Road warrior user --(IPSec/SSL)--> ASG 1 --(IPSec)--> ASG2 --> final host
Now that we've established a tunnel, I don't think we can do that any more as we're not going through the ASG 1 NAT and therefore, we're getting rejected by the ASG 2 network rules since the VPN IP pool is unknown to it.
We need to be able to connect to both networks at the same time to work efficiently.
We also need to limit the allowed ports to the second site, even though they come through a VPN.
What's the best way to handle this ?
This thread was automatically locked due to age.
