Combining ASA 5505 and Cisco 877 ADSL Router

Sep 19th, 2007

Hi all,

This is my architecture:

Internet---->Cisco 877---->ASA5505---LAN

I have 20 remote users that need to connect to the LAN from anywhere using the Internet.

What is the best solution to implement VPN in my case: in the router or using the ASA? I want the users to be authenticated in the router or the ASA, not in my AD.

Any link or similar configuration will be helpful for me.

I can post my actual config if someone is interested in helping.

Thanks guys.

spremkumar Thu, 09/20/2007 - 03:48

Hi,

I would prefer to make use of the ASA to terminate VPN remote access users instead of the 877 router.

We can have more control on the access in the ASA using the ACL.

Regards

mannschaft Thu, 09/20/2007 - 04:42

Hi spremkumar

I have tried VPN remote access in the ASA, but I didn't succeed; the router was blocking the Dial.

Today I have configured a VPN server on the Cisco with local Auth; a test with a remote user was successful. When connected, the user got an IP from the router's local pool.

After connection, the user can't access the DMZ connected to the ASA.

I want to know how to permit a user using an IP address from the router to access a server in the DMZ.

Router :

inside : 10.10.10.1

Dialer0 : static Ip from the ISP

IP Pool for VPN : 10.10.10.20-40

ASA:

Inside : 192.168.1.1

outside: 192.168.1.2

DMZ:

IP address: 172.16.0.1

File server in the DMZ : 172.16.0.3

"If possible to configure VPN in the ASA, how can I do it with the router 877? I have just one static IP in my ADSL connection..."

Thanks & Regards.

spremkumar Thu, 09/20/2007 - 05:09

Hi,

Once you are connected, are you able to ping the LAN interface IP of the router?

Do you also have enough access permissions enabled in your ASA so that your VPN pool can access the DMZ?

You can try allowing ICMP to the outside interface of the ASA and check whether you are able to ping the outside interface of the ASA once you are connected.

Gradually you can allow the access to the DMZ servers accordingly...

Regards

mannschaft Thu, 09/20/2007 - 05:56

Hi,

When the user is connected, he is not able to ping the LAN interface of the router.

Yes, I have enough access. I have tried some ACLs but didn't succeed. Using the IP addresses in the last post, can you give me the right command line to give the VPN pool access to the DMZ?

Find attached the running config of the Router 877.

I will post the ASA config when I try your proposed ACLs.

Thanks & Regards.
