
Configuring Cisco ASA for site to site VPN (Issue with setting up local network)

mmcfarland727
Level 1

OK, so our primary firewall is a Checkpoint gateway. Behind that we have a Cisco ASA for VPN users. I have a project at the moment where we need to connect to another company using site to site VPN through the Cisco ASA, as the Checkpoint gateway is unable to establish a permanent tunnel with the other company's Cisco ASA.

What would be the best practice for setting up the local network on my side? Create the network on the ASA and then use an L2 VLAN to connect to the core switch?

Set up an L3 interface on the core switch and point it towards the Checkpoint gateway, which would then point to the ASA?

When you have to select your local network through the site to site wizard, do you have to put the inside network address of the ASA?


Our network is set up like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet

The ASA is connected to a Checkpoint subinterface.

 

Any help would be beneficial as I'm new to Cisco ASAs.

 

Thanks

 

Mark

 

 

Accepted Solution

Mark

 

If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use an L2 VLAN. But as I think a bit more, my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?

 

HTH

 

Rick


3 Replies

michael o'nan
Level 4

The Checkpoint firewall should be able to have a LAN to LAN tunnel to any brand firewall. I would set up the network on the ASA and have an L2 VLAN to your switch.

Thanks, Michael, for your response. The Checkpoint firewall cannot be used because it doesn't have the capability of sustaining a permanent tunnel.

 

 

 

 
