UC500 and ASA 5505 Site-to-Site VPN

brandon.kallas
Level 1

Currently we have a client that has an ASA 5505 at a co-location and a PIX firewall in their office with a site-to-site VPN tunnel established between them. They are looking to put in a UC500 in their office.

What needs to be done on the UC500 to re-establish the VPN tunnel?   Is it simply a matter of copying the config from the PIX device and copying it into the UC500 configs?

Glenn Quesenberry
Cisco Employee

Hi Brandon,

I assume you'll be removing the PIX and using the IOS FW features of the UC520 and establishing the VPN from the UC520 to the ASA5505? A good source of reference in setting up site-to-site VPN can be found here within the "SBCS-MultiSite-appnote"; step 6 page 9. It also includes references to other documentation you will find useful in this process. Review this material and see if this gives you the details you're looking for.

Regards,

Glenn

Thanks for that documentation, that will help out a lot I'm sure!

Here is my next question concerning this:

When the UC500 is in place at the office and is successfully connected to the ASA 5505 at the co-location, is it possible to use the Cisco VPN Client to remotely connect to the UC500 (at the office) in order to use a CIPC as well as connect via the site-to-site VPN to access data from the servers located at the co-location where the ASA 5505 is located?

Thanks!

Are you asking if a user at home could connect with the VPN client? The answer is yes. That shouldn't be any problem. If you are asking if a user at the ASA site wanted to use a VPN client to work with his CIPC, there would be no need for that. You can have the UC500 to ASA rules to allow voice traffic as well.

Right, I understand that part, but can a user from home connect to the UC500 with the VPN client to use their CIPC and also access data from the servers over the site-to-site tunnel?

Their co-location is owned by another company and they are just renting a cage for their servers, but the users want to be able to use their CIPC as well as access the data off their servers at the co-location.

I believe this should work.  Easiest way to configure this is not to allow split tunneling on the EZVPN.

Is there any way to find out if this is definitely possible? Our client is looking to purchase a UC500 for their office mostly for this reason.

Thanks!

Brandon,

Of course this will work... I do it all the time... that is just some extra access-list commands to allow the VPN client to talk to both subnets.

Keep in mind the UC500 doesn't have to replace the PIX (unless you want to). The PIX and the UC500 can work together...

The UC500 will only support a minimal amount of IPSEC tunnels and the PIX will outperform it in that way...

Yes, this will work without issue.
