
ASA5505 Special NAT and VPN configuration

guigonza

I have the following scenario:

  net inside [129.168.21.0 / 24] ---------- [ASA5505] ------------  net outside [10.120.2.88 / 30] -----  ISP network

  ASA5505 inside interface:     192.168.21.254

  ASA5505 outside interface:     10.120.2.90

  ASA5505 default gateway:     10.120.2.89

The public addresses offered by our ISP are [190.X.Y.88 / 29].

We don't have a router to connect to the ISP Ethernet port.

I configured some NATs:

global (outside) 1 190.X.Y.90 netmask 255.255.255.248

nat (inside) 1 192.168.21.0 255.255.255.0

With these commands we got Internet navigation for the inside stations.

I configured a STATIC:

static (inside,outside) 190.X.Y.91 192.168.21.200 netmask 255.255.255.255

With this static and some access-lists we got public services to the Internet.

But we need to configure VPN Remote Access and L2L in the ASA5505.

How may I configure the interfaces, NAT or STATIC to get VPN access?

1 Accepted Solution


The only way to terminate the VPN to the ASA is one of two ways:

1. Terminate the tunnel on an IP directly assigned to an interface on the ASA.

2. Terminate the tunnel on a public IP that can be redirected to the IP of the ASA.

There's no way to terminate the tunnel on an IP that is not mapped somehow to the interface of the ASA.

Federico.


3 Replies

Hi,

You can find all the details about configuring VPN here:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ike.html

Let us know if you have any questions.

Federico.

Thx ...  but the problem is not the VPN configuration.

The problem is the public IP address assigned to the outside interface. If you see the schema, the outside interface is connected directly to the Metro-ethernet ISP port with private IP addresses ... and we are NATing the public IP addresses in the Firewall without assigning them to any Firewall interfaces.

Any suggestion ... ?

