I recently started at a company that has several branch sites around the country, each with an ASA that connects back to the the HQ using a Site-to-Site VPN tunnel. Prior to this, I've spent most of my time in switches in routers, so I'm not very experienced with ASAs.
I have a CCNA R&S cert that I received earlier this year. While studying, the curriculum for the CCNA was really heavy on routing protocols, indicating you could use GRE tunnels and dynamic routing protocols to connect to branch sites.
However, connecting each site with a Site-to-Site VPN tunnel seems like a much different kind of setup that what I was expecting. Is this a typical setup? From inside the HQ network, I'm unable to reach most networks behind the ASAs at remote locations. I don't see them in the routing table on the firewall here at HQ either, but they are in the Crypto Maps.
I guess I'm really struggling to understand Site-to-Site VPNs, Crypto Maps, the purpose of NAT statements that don't translate addresses, Access Rules vs the ACL Manager, and how all of that fits together.
Any advice would be much appreciated.
No comments:
Post a Comment