
ASA 5505 behind DSL router

GrootLives
Level 1

Trying to wedge ASA into existing infrastructure. It will be behind an internet-facing router. Never tried to do this before and not 100% sure how to do this. There are other ports on the router that have to remain untouched/unaffected.

 

Internet --> x.x.x.x Router 192.168.2.1 --> 192.168.2.100 ASA 10.0.82.1 --> private network (10.0.82.x)

 

The router has a public IP of x.x.x.x. On the private side the router is configured as 192.168.2 and I've configured the ASA 192.168.2.100 as a DMZ address on the router. Used the ASDM wizard to set up an IPsec (IKEv1) connection profile. But when I try to connect from another machine using the VPN client it doesn't seem to "see" the ASA.

 

I don't suppose there exists a walkthrough out there somewhere for such a scenario?

2 Replies

First: The better way would be to redesign your setup and use the router as a pure "modem" which means the ASA has the public IP. That makes everything much easier.

If that's not an option, have you forwarded UDP/500 and UDP/4500 from the DSL-router to the ASA? That is needed to make the VPN work.

Changing the existing setup is not an option. For reasons beyond my control the other ports on the router must remain outside the ASA. I do have the ability to designate one port/address on the router as being in the DMZ (the ASA). That's it.

At the moment trying to replicate the setup on the bench and configure as much as I can before driving 4 hrs to deploy it. Not having much joy.
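A bench check for the UDP/500 forwarding suggested in the first reply, as an added example that is not part of the original thread: it sends one IKEv1 Main Mode opening message to the router's outside address and reports whether anything answers. The function names and the proposal values (3DES, SHA-1, pre-shared key, DH group 2) are assumptions and do not have to match the ASA's policy.

```python
import os
import socket
import struct
import sys

def build_ikev1_probe(cookie):
    """Minimal IKEv1 Main Mode message 1: ISAKMP header + one SA payload."""
    # Assumed proposal as type/value attributes: encryption=3DES, hash=SHA-1,
    # auth=pre-shared key, DH group 2, lifetime 28800 seconds.
    attrs = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in
                     [(1, 5), (2, 2), (3, 1), (4, 2), (11, 1), (12, 28800)])
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform),
                           1, 1, 0, 1) + transform
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    # Header: cookies, next payload=SA(1), version 1.0, exchange=Main Mode(2)
    header = cookie + bytes(8) + struct.pack("!BBBBII", 1, 0x10, 2, 0, 0,
                                             28 + len(sa))
    return header + sa

def classify_reply(data, cookie):
    """Interpret a datagram received after sending the probe."""
    if len(data) < 28 or data[:8] != cookie:
        return "unrelated"                 # not an answer to our cookie
    exchange = data[18]                    # ISAKMP exchange type field
    if exchange == 2:
        return "reachable: Main Mode reply"
    if exchange == 5:
        return "reachable: informational reply (proposal likely rejected)"
    return "reachable: exchange type %d" % exchange

def probe(host, port=500, timeout=3.0):
    """Send the probe to host:port and classify whatever comes back."""
    cookie = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_ikev1_probe(cookie), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:                    # timeout or ICMP error
            return "no reply"
    return classify_reply(data, cookie)

if __name__ == "__main__":
    # Usage: python ike_probe.py <router outside address>
    print(probe(sys.argv[1]))
```

Any "reachable" result shows the forward to the ASA works; "no reply" is not conclusive on its own, since a responder may stay silent when the proposal does not match.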
