05-11-2010 08:44 AM - edited 03-11-2019 10:43 AM
I have the following scenario:
net inside [129.168.21.0 / 24] ---------- [ASA5505] ------------ net outside [10.120.2.88 / 30] ----- ISP network
ASA5505 inside interface: 192.168.21.254
ASA5505 outside interface: 10.120.2.90
ASA5505 default gateway: 10.120.2.89
The public addresses offered by our ISP are [190.X.Y.88 / 29].
We don't have a router to connect the ISP ethernet port.
I configured some NATs:
global (outside) 1 190.X.Y.90 255.255.255.248
nat (inside) 1 192.168.21.0 255.255.255.0
With these commands we got Internet navigation to inside stations.
I configured a STATIC:
static (inside,outside) 190.X.Y.91 192.168.21.200 netmask 255.255.255.255
With this static and some access-lists we got public services to Internet.
But we need to configure VPN Remote Access and L2L in the ASA5505.
How may I configure the interfaces, NAT or STATIC to get VPN access?
05-11-2010 08:51 AM
Hi,
You can find all the details about configuring VPN here:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ike.html
Let us know if you have any questions.
Federico.
05-11-2010 09:00 AM
Thx ... but the problem is not the VPN configuration.
The problem is the public IP address assigned to the outside interface. If you see the schema, the outside interface is connected directly to the Metro-ethernet ISP port with private IP addresses ... and we are NATing the public IP addresses in the Firewall without assigning them to any Firewall interfaces.
Any suggestion ... ?
05-11-2010 09:39 AM
The only way to terminate the VPN to the ASA is one of two ways:
1. Terminate the tunnel on an IP directly assigned to an interface on the ASA.
2. Terminate the tunnel on a public IP that can be redirected to the IP of the ASA.
There's no way to terminate the tunnel on an IP that is not mapped somehow to the interface of the ASA.
Federico.