Wyant Niswonger asked:

Force access to remote sites not in the headend site to appear to come from headend

I have a production network with a Cisco ASA5512x at the headend. There are various site-to-site VPNs connected to the network, all from ASAs (5505/6). I implemented "jump" servers at several of my larger customers to try and cut down on SSH attempts from unknown sources. This has worked great, but now my ability to access those jump servers from the other end of the tunnel (my remote office, etc.) does not work. I have to RDP to a session at the headend and then use Putty from there to get to the jump server. I have tried various ways of routing the traffic, but I am not being particularly successful. What I would like is:
Remote Site 172.20.170.x --> Site to Site to Headend (172.20.x.x)
SSH to REAL_INTERNET_IP --> Route through tunnel to hit site.

FWIW, I am using VanDyke SecureCRT and / or Putty.

I am split tunneling and I do not want ALL internet traffic to go through the tunnel. Thoughts?
ASKER CERTIFIED SOLUTION
max_the_king

This solution is only available to members.
Wyant Niswonger

ASKER

I do have that enabled, but the problem I run into is that one of my remotes, where I am frequently located, has a dynamic IP address.
I guess I should clarify something. From the headend site, I access customers' jump servers that are accessible on the internet. Since the headend has a static IP, I am able to set a whitelist on the customer site. But the remote sites are dynamic site-to-site VPNs with split tunneling to allow local access to the internet, but interesting traffic to flow across the VPN. I added a customer remote (on the internet) jump server to the allowed traffic on both sides of the tunnel, but it still does not seem to work.
Any help?
max_the_king

Seems to be the best possible solution.