Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
455
Views
0
Helpful
5
Replies

VPN Help

kellyrudnick
Level 1
Level 1

‎03-11-2009 12:33 PM - edited ‎03-11-2019 08:03 AM

Scenario:

I have a server on a remote network that I would like to connect to when I am on the road. When I am on my own network I connect without issue, but on the road I cannot establish a connection due to the ACL on the remote firewall.

I have setup a VPN tunnel on my ASA 5510. It uses a DHCP pool of two public addresses that are permitted into the remote network. The IP addresses are assigned to my VPN adapter when I connect.

Question(s):

Can I use my ASA as a relay to this remote network? And if so, what are the key steps to setting it up?

Labels:
0 Helpful
5 Replies 5

andrew.prince
Level 10
Level 10

‎03-12-2009 03:08 AM

Your current setup will not work.

What you need to do is configure the VPN pool of addresses for your internal network. Then configure the VPN to tunnel ALL traffic. The you configure VPN Hairpining - effectivly this will allow all your internal/external traffic to be encrypted over the VPN client. Once the traffic is recevied by your ASA - your internal traffic will be passed out of your inside interface. The internet traffic will pass out the outside interface. once it passes out your outside interface it will be natt'd to your external IP addresses - and the remote end will allow you access.

HTH>

0 Helpful

kellyrudnick
Level 1
Level 1
In response to andrew.prince

‎03-16-2009 06:25 AM

Will it be encrypted going out to the remote site if there is not an existing L2L tunnel between us?

0 Helpful

andrew.prince
Level 10
Level 10
In response to kellyrudnick

‎03-16-2009 06:27 AM

No.

0 Helpful

ric_onmdcn
Level 1
Level 1

‎03-25-2009 12:02 AM

Hi Alex,

I am new to the forum and was unaware you held "Ask the expert" discussions. I would just like to say that it is a fantastic idea and would like to express how impressed I am with this forum and the quality of it's members, keep up the great work.

My query is ::::

I have cisco pix platform 6.3 version in my organisation working with default zones(inside,outside&DMZ) Now as per migration project ..we do want to migrate from current platform to Juniper paltform But i am getting stuck how to distinguish the policies on cisco paltform and groups and network objcets ??

As on juniper platform we need to apply access rule from one zone to other zone and it's very much specified but in cisco i m not able to findout the same separately ...??

It will be great help from your side if you reply me with your valuable inputs ???

Is there any software or migrating tool available in your paltform or others , pls ler me know ???

Awaiting for your reply

Thanking you very much

Regards,

Leena Goyal

0 Helpful

andrew.prince
Level 10
Level 10
In response to ric_onmdcn

‎03-25-2009 12:06 AM

Leena,

There is no migration tool from a Cisco device to another vendor. There is a Cisco migration tool from PIX to ASA - this is not the same.

The groups are identifed by name and type. Objects in the groups are identified by the same.

The groups will be attached to access-lists

The access-lists will be attached to interfaces in a particular direction.

HTH>

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card