cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
0
Helpful
10
Replies

ASA and Nortel VPN

newzion123
Level 1
Level 1

HI,

My network design is explained and my requirement also briefed below.Can anyone help me?

1. Service Provider's ADSL line is terminated at the service providers ADSL router.

2.ADSL router ethernet interface is connected to a Nortel VPN router.

3.Now the Nortel VPN router private interface is connected to outside interface of the Cisco ASA firewall.

4.The end user is having 8 valid public IP apart from the ADLS WAN interface IP address.

5.Inside network is connected to a inside interface of a ASA through L2 Manageable switch.

6. Customer is having WEB server and Mail server in the DMZ interface.

7.Now I want to have the Remote VPN and SSL VPN,How to configure these two in Cisco ASA.How to do the NATTING?

Please help me to configure.

Best Regards.

10 Replies 10

andrew.prince
Level 10
Level 10

Does the Nortel device support SSL VPN and normal VPN?

Hi,

Yes it is basically a Nortel Contivity VPN router,which supports VPN (50 VPN tunnels) but whether it supports SSL VPN I will have to check it up.

My problem is ahead of Cisco ASA there 2 L3 devices are there,One is Nortel VPN router,then Service Providers Router in that case how I am going to do the Dynamic NAT for my internal users to access the Internet,One NATTING has to be configured in ASA and then the Nortel BOX also should do the NATTING,I am little confused in this NATTING.

Please guide me.

Regards,

OK - lets get a hold of the topology

1(ISP Router)<>2(Nortel VPN)<>3(ASA)<>4 (Internal Network)

Where does NAT currently take place if the above diagram is correct?

Hi,

Yes...topology is correct,the ASA has a DMZ zone where two servers are there,for the mobile use should access these servers through SSLVPN.

How and Where should I do the NATTING.

Regards,

Well to be honest, if the customer has 8 internet routable IP addresses they don't want to waste them.

I would perform the NATTING on the Nortel VPN router, then either config PAT ot specific 1:1 for the VPN/DMZ Servers.

HTH>

or you could just remove the Nortel router, and connect the ASA directly into the ISP equipment - then NAT on the ASA.

HTH>

Hi andrew,

Without the Nortel,with only ASA ,I have done the dynamic NAT for the internal users,and static NAT for teh servers in the DMZ and Remote VPN configured and tested it is working fine.

Since end user bought the Nortel VPN router ,which has to be implemented.

You said NATTING in the nortel and VPN/DMZ 1:1 PAT in the ASA is it?

Thanks support extended to me.

Regards,

newzion123

Can I ask why the nortel was bought and must be used?

What function is this Nortel to do?

Hi andrew,

Really I do not know why they purchased this box.

Regards.

OK "why" is not as important as "what"

What is the device ecpected to do as this will influence the placement in the topology and the required config to place into the network?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: