Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
955
Views
3
Helpful
5
Replies

combining ASA 5505 and Cisco 877 ADSL Router

mannschaft
Level 1
Level 1

‎09-19-2007 04:58 AM - edited ‎02-21-2020 01:41 AM

Hi all

this is my architecture:

Internet---->Cisco 877---->ASA5505---LAN

i have 20 remote users that need to connect to the LAN from anywhere using Internet.

what is the best solution to implement VPN in my case.in the router or using the ASA. i want that the users must be authentified in the router or the ASA not in my AD.

any link or similar configuration will be helpfull for me.

i can post my actual config if somone is interesting to help.

Thanks guys.

0 Helpful
5 Replies 5

spremkumar
Level 9
Level 9

‎09-20-2007 03:48 AM

hi

i would prefer to make use of ASA to terminate vpn remote access users instead of 877 router.

we can have more control on the access in ASA using the ACL.

regds

mannschaft
Level 1
Level 1
In response to spremkumar

‎09-20-2007 04:42 AM

Hi spremkumar

i have tried vpn remote access in ASA, but i didn't success, the router was blocking the Dial.

to day i have configured VPN server on the Cisco with local Auth, a test with a remote user was successfull. when connected, the user got an IP from the router's local pool.

after connection, the user can't access to the DMZ connected to ASA.

i want to know how to permit access to user using IP adress from the router to access a server in the DMZ.

Router :

inside : 10.10.10.1

Dialer0 : static Ip from the ISP

IP Pool for VPN : 10.10.10.20-40

ASA:

Inside : 192.168.1.1

outside: 192.168.1.2

DMZ:

Ip adress: 172.16.0.1

File server in the DMZ : 172.16.0.3

"""If possible to configure VPN in ASA how can i doit with the router 877 ! i have just one static IP in my ADSL connection... """

thanks & Regards.

0 Helpful

spremkumar
Level 9
Level 9
In response to mannschaft

‎09-20-2007 05:09 AM

hi

once you are connected are you able to ping the lan interface ip of the router ?

do you also have enough acess permissions enabled in your ASA so tht your vpn pool can access the dmz ?

you can try allowing icmp to the outside interface of ASA and check whether your are able to ping the outside interface of the ASA once you are connected.

gradually you can allow the access to the dmz servers accordngly...

regds

0 Helpful

mannschaft
Level 1
Level 1
In response to spremkumar

‎09-20-2007 05:56 AM

hi

when the user is connected he is not able to ping the lan interface of the router.

yes i have enough access. i have tried some ACL's but don't success. using the IP adress in the last post, can you give me the right command line to give access VPN POOL to the DMZ ?

find attached the running config of the Router 877.

i will post the ASA Config when i will try your proposed ACL's.

Thanks & Regrads.

0 Helpful

mannschaft
Level 1
Level 1
In response to mannschaft

‎09-20-2007 06:00 AM

sorry i forget to attache lol.

it's attached now. thanks

Preview file
7 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card