07-24-2009 10:43 AM - edited 03-21-2019 01:21 AM
Currently we have a client that has an ASA 5505 at a co-location and a PIX firewall in their office with a site-to-site VPN tunnel established between them. They are looking to put in a UC500 in their office.
What needs to be done on the UC500 to re-establish the VPN tunnel? Is it simply a matter of copying the config from the PIX device and copying it into the UC500 configs?
07-24-2009 03:30 PM
Hi Brandon,
I assume you'll be removing the PIX and using the IOS FW features of the UC520 and establishing the VPN from the UC520 to the ASA5505? A good source of reference in setting up site-to-site VPN can be found here within the "SBCS-MultiSite-appnote"; step 6 page 9. It also includes references to other documentation you will find useful in this process. Review this material and see if this gives you the details you're looking for.
Regards,
Glenn
08-21-2009 01:24 PM
Thanks for that documentation, that will help out a lot I'm sure!
Here is my next question concerning this:
When the UC500 is in place at the office and is successfully connected to the ASA 5505 at the co-location, is it possible to use the Cisco VPN Client to remotely connect to the UC500 (at the office) in order to use a CIPC as well as connect via the site-to-site VPN to access data from the servers located at the co-location where the ASA 5505 is located?
Thanks!
08-21-2009 01:28 PM
Are you asking if a user at home could connect with the VPN client? The answer is yes. That shouldn't be any problem. If you are asking if a user at the ASA site wanted to use a VPN client to work with his CIPC, there would be no need for that. You can have the UC500 to ASA rules to allow voice traffic as well.
08-21-2009 01:33 PM
Right, I understand that part, but can a user from home connect to the UC500 with the VPN client to use their CIPC and also access data from the servers over the site-to-site tunnel?
Their co-location is owned by another company and they are just renting a cage for their servers, but the users want to be able to use their CIPC as well as access the data off their servers at the co-location.
08-21-2009 01:38 PM
I believe this should work. Easiest way to configure this is not to allow split tunneling on the EZVPN.
08-21-2009 01:56 PM
Is there any way to find out if this is definitely possible? Our client is looking to purchase a UC500 for their office mostly for this reason.
Thanks!
08-21-2009 07:44 PM
Brandon,
Of course this will work... I do it all the time... it is just some extra access-list commands to allow the VPN client to talk to both subnets.
Keep in mind the UC500 doesn't have to replace the PIX (unless you want to). The PIX and the UC500 can work together...
The UC500 will only support a minimal amount of IPSEC tunnels and the PIX will outperform it in that way...
08-25-2009 02:47 PM
Yes, this will work without issue.
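The two points made in the replies above (no split tunneling on the EZVPN group, and extra access-list entries so VPN clients can reach both subnets) are sketched here as an added configuration example; it is not from any poster in this thread or from the referenced app note. All names and addresses are constructed assumptions: office LAN 192.168.10.0/24, co-location LAN 192.168.20.0/24, VPN client pool 10.10.10.0/24, crypto map name OUTSIDE-MAP.

```cisco
! --- Office UC500 (IOS). Constructed example; names and addresses are assumptions. ---
!
! Address pool handed to remote Cisco VPN Client users.
ip local pool EZVPN-POOL 10.10.10.10 10.10.10.50
!
crypto isakmp client configuration group EZVPN-USERS
 key <PRESHARED-KEY-PLACEHOLDER>
 pool EZVPN-POOL
 ! No "acl" line in this group: with no split-tunnel ACL the client
 ! sends all of its traffic to the UC500, including traffic destined
 ! for the co-location servers.
!
! Crypto ACL that selects traffic for the site-to-site tunnel to the ASA 5505.
ip access-list extended S2S-TO-COLO
 ! Existing entry: office LAN to co-location LAN.
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 ! Extra entry: VPN client pool to co-location LAN, so remote users'
 ! traffic is carried over the same tunnel.
 permit ip 10.10.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
! The existing site-to-site crypto map entry references that ACL.
! Peer and transform-set lines stay as already configured for the tunnel.
crypto map OUTSIDE-MAP 10 ipsec-isakmp
 match address S2S-TO-COLO
!
! --- Co-location ASA 5505. The crypto ACL must mirror the UC500 side. ---
!
access-list COLO-TO-OFFICE extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list COLO-TO-OFFICE extended permit ip 192.168.20.0 255.255.255.0 10.10.10.0 255.255.255.0
! If the ASA uses a NAT exemption ACL for the tunnel, it needs the same
! 10.10.10.0/24 entry, otherwise return traffic to VPN clients is translated
! and does not match the tunnel.
```

If the two crypto ACLs are not exact mirrors of each other, the security associations for the client pool will not come up, so after the change confirm that an SA exists for the 10.10.10.0/24 to 192.168.20.0/24 pair with `show crypto ipsec sa` on both devices.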