Solved: ASA-5505 behind a Cisco Router

sendalot7 · ‎10-04-2013

Hello, after days of struggle, devices connected to the Cisco router finally have access to internet!

Now I'm trying to put ASA-5505 behind this Cisco router.

Since ASA-5505 also can act as a semi-router/switch, I've been trying to have devices connected to the ASA have access to internet as well.

But so far, I have failed. I have set up two OSPF areas in the Cisco router and just one OSPF area on the ASA. I also set a "out" static route on ASA.

I'm stuck, please help!

Marvin Rhoads · ‎10-05-2013

I'd recommend you should learn the foundational topics in 640-554 (and 200-120 if you haven't already) before moving on to ASA VPNs. You will be better prepared then when you start of the Firewall and VPN classes associated with the CCNP Security.

View solution in original post

John Blakley · ‎10-04-2013

Post your config for the ASA...what version of IOS?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

sendalot7 · ‎10-04-2013

I somehow got it to work.

But ASAs use different OS, correct?

John Blakley · ‎10-05-2013

They're different from routers, and their is a difference between ASA versions 8.25 and 8.3 and up. They've changed the way natting is configured on the later version.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

paolo bevilacqua · ‎10-05-2013

Wrong forum, post in "security - firewalling". You can move your posting using the Actions panel on the right.

sendalot7 · ‎10-05-2013

Did I move it to the right one?

Julio Carvajal · ‎10-05-2013

Hello,

Yes you did,

You said you managed to work so how can we help U now?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

sendalot7 · ‎10-05-2013

I managed to have devices connected to ASA have access to Internet.

Now I want to set up AnyConnect VPN system.

But does the client ship with ASA? or do I need to purchase separetly?

Or can other 3rd party clients be used?

Marvin Rhoads · ‎10-05-2013

Client question answered in your Network Management forum thread.

sendalot7 · ‎10-05-2013

I managed to acquire a msi package of AnyConnect.

I've never configured a VPN on an ASA or Router.

Should the steps in "Startup Manager" do the trick?

Thanks.

Marvin Rhoads · ‎10-05-2013

The easiest way for someone new to ASA is to use the Anyconnect VPN Wizard in ASDM, the ASA GUI.

The steps are explained in detail here.

sendalot7 · ‎10-05-2013

My main question is this.

Long put short, the public WAN IP address that my main router has, is the address that clients outside use to access my network?

Thanks.

Marvin Rhoads · ‎10-05-2013

Yes that's correct.

sendalot7 · ‎10-05-2013

Do ISPs like Comcast and AT&T block that kind of VPN for personal use? Or would it not matter?

Marvin Rhoads · ‎10-05-2013

I misread your earlier question.

The ISPs don't block the ports per se but If your ASA is sitting on a home newtowrk without a dedicated public IP it wont be able to serve as a VPN headend.

A VPN needs a dedicated public IP (for most intents and purposes - there are work arounds but not for a novice).