VPN Help

Unanswered Question
Mar 11th, 2009

Scenario:

I have a server on a remote network that I would like to connect to when I am on the road. When I am on my own network I connect without issue, but on the road I cannot establish a connection due to the ACL on the remote firewall.

I have setup a VPN tunnel on my ASA 5510. It uses a DHCP pool of two public addresses that are permitted into the remote network. The IP addresses are assigned to my VPN adapter when I connect.

Question(s):

Can I use my ASA as a relay to this remote network? And if so, what are the key steps to setting it up?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Your current setup will not work.


What you need to do is configure the VPN pool of addresses for your internal network. Then configure the VPN to tunnel ALL traffic. The you configure VPN Hairpining - effectivly this will allow all your internal/external traffic to be encrypted over the VPN client. Once the traffic is recevied by your ASA - your internal traffic will be passed out of your inside interface. The internet traffic will pass out the outside interface. once it passes out your outside interface it will be natt'd to your external IP addresses - and the remote end will allow you access.


HTH>

ric_onmdcn Wed, 03/25/2009 - 00:02

Hi Alex,

I am new to the forum and was unaware you held "Ask the expert" discussions. I would just like to say that it is a fantastic idea and would like to express how impressed I am with this forum and the quality of it's members, keep up the great work.


My query is ::::


I have cisco pix platform 6.3 version in my organisation working with default zones(inside,outside&DMZ) Now as per migration project ..we do want to migrate from current platform to Juniper paltform But i am getting stuck how to distinguish the policies on cisco paltform and groups and network objcets ??


As on juniper platform we need to apply access rule from one zone to other zone and it's very much specified but in cisco i m not able to findout the same separately ...??


It will be great help from your side if you reply me with your valuable inputs ???


Is there any software or migrating tool available in your paltform or others , pls ler me know ???


Awaiting for your reply


Thanking you very much


Regards,

Leena Goyal



Leena,


There is no migration tool from a Cisco device to another vendor. There is a Cisco migration tool from PIX to ASA - this is not the same.


The groups are identifed by name and type. Objects in the groups are identified by the same.


The groups will be attached to access-lists


The access-lists will be attached to interfaces in a particular direction.


HTH>

Actions

This Discussion