04-21-2009 01:00 AM - edited 03-11-2019 08:20 AM
Hi,
My network design is explained and my requirement is also briefed below. Can anyone help me?
1. The service provider's ADSL line is terminated at the service provider's ADSL router.
2. The ADSL router's Ethernet interface is connected to a Nortel VPN router.
3. Now the Nortel VPN router's private interface is connected to the outside interface of the Cisco ASA firewall.
4. The end user has 8 valid public IPs apart from the ADSL WAN interface IP address.
5. The inside network is connected to an inside interface of the ASA through an L2 manageable switch.
6. The customer has a web server and a mail server on the DMZ interface.
7. Now I want to have the Remote VPN and SSL VPN. How do I configure these two in the Cisco ASA? How do I do the NATTING?
Please help me to configure this.
Best Regards.
04-21-2009 01:34 AM
Does the Nortel device support SSL VPN and normal VPN?
04-21-2009 03:08 AM
Hi,
Yes, it is basically a Nortel Contivity VPN router, which supports VPN (50 VPN tunnels), but whether it supports SSL VPN I will have to check.
My problem is that ahead of the Cisco ASA there are 2 L3 devices: one is the Nortel VPN router, then the service provider's router. In that case, how am I going to do the dynamic NAT for my internal users to access the Internet? One NATTING has to be configured in the ASA and then the Nortel box should also do the NATTING. I am a little confused about this NATTING.
Please guide me.
Regards,
04-21-2009 03:14 AM
OK - let's get a hold of the topology
1(ISP Router)<>2(Nortel VPN)<>3(ASA)<>4 (Internal Network)
Where does NAT currently take place if the above diagram is correct?
04-21-2009 04:58 AM
Hi,
Yes... the topology is correct. The ASA has a DMZ zone where there are two servers; the mobile users should access these servers through SSL VPN.
How and where should I do the NATTING?
Regards,
04-21-2009 05:01 AM
Well to be honest, if the customer has 8 internet routable IP addresses they don't want to waste them.
I would perform the NATTING on the Nortel VPN router, then either config PAT or specific 1:1 for the VPN/DMZ servers.
HTH
04-21-2009 05:02 AM
Or you could just remove the Nortel router, and connect the ASA directly into the ISP equipment - then NAT on the ASA.
HTH
04-21-2009 05:10 AM
Hi Andrew,
Without the Nortel, with only the ASA, I have done the dynamic NAT for the internal users and static NAT for the servers in the DMZ, and Remote VPN is configured and tested; it is working fine.
But the end user bought the Nortel VPN router, which has to be implemented.
You said NATTING in the Nortel and VPN/DMZ 1:1 PAT in the ASA, is it?
Thanks for the support extended to me.
Regards,
newzion123
04-21-2009 05:13 AM
Can I ask why the Nortel was bought and must be used?
What function is this Nortel to do?
04-21-2009 09:47 PM
Hi Andrew,
Really, I do not know why they purchased this box.
Regards.
04-22-2009 12:37 AM
OK, "why" is not as important as "what".
What is the device expected to do, as this will influence the placement in the topology and the required config to place into the network?