ASA static to indirect subnet / return traffic without default route NAT help
I am having trouble with a NAT concept. What I have is a 3rd party software VPN product that basically tunnels encapsulated traffic to/from a server sitting inside the network. Right now this traffic utilizes a physical interface on the ASA5510, but I need the interface for another project.
What I have is this:
Currently the 3rdpartyvpn server's default gateway is set to the dedicated ASA interface and routes are configured on the server itself for the internal subnets.
What I want is this:
|-vlan2 (3rdpartyvpn here)
In this scenario I'll need to configure the 3rdpartyvpn server's default gateway to be the gateway for the vlan. I know a default route on the 4507 would take care of this, but in this case, that isn't an option.
Re: ASA static to indirect subnet / return traffic without defau
You can still maintain the first diagram. To do this, you could utilize the subinterface method for this, as shown below;
Note: Assuming Ethernet 0/2 is used here;
! Subinterface names, VLAN IDs and security levels below are placeholders;
! a subinterface passes no traffic until it has a vlan tag and a nameif
interface Ethernet0/2
 no ip address
 no shutdown
interface Ethernet0/2.2
 description ### Link to Third Party VPN Server ###
 vlan 2
 nameif vpnsrv
 security-level 50
 ip address 172.16.1.1 255.255.255.0
interface Ethernet0/2.3
 description ### RSVD for New Project ###
 vlan 3
 nameif project
 security-level 50
 ip address 172.16.2.1 255.255.255.0
That means the external port of your third party VPN server and your new project will share the same physical interface, i.e. Ethernet 0/2. If you don't like this approach, then you could share the guest interface instead.
If you refuse to point the default gateway of your third party VPN server to the L3, then this won't work, because the link between the router and the Layer 3 isn't in VLAN 2 either. By the way, why do you have a router between the L3 and the Cisco ASA firewall?
I’m assuming you have no more available ports in the FW and Router.
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department
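To show the subinterface approach from the reply end to end, including the pieces the snippet above leaves out (VLAN tagging, nameif, the static NAT for the server, the route to the internal subnets and a few verification commands), here is an added example configuration. It is not the original poster's or the replying engineer's configuration. It assumes an ASA 5510 on pre-8.3 code (old `static` syntax), that Ethernet0/2 is an 802.1Q trunk toward the switch, a VPN server at 172.16.1.10 in VLAN 2 with public address 203.0.113.10, the 4507 reachable at 10.0.0.2 on the inside interface, internal subnets in 10.10.0.0/16, and UDP/4500 as a placeholder for whatever port the third-party VPN product actually uses. Every address, name and port is an assumption.

```cisco
! Added example, not configuration from the original poster or the reply.
! Assumptions (all placeholders): ASA 5510 on pre-8.3 code (static syntax),
! Ethernet0/2 is an 802.1Q trunk toward the switch, the third-party VPN
! server is 172.16.1.10 in VLAN 2 with public address 203.0.113.10, the
! 4507 is 10.0.0.2 on the ASA's inside interface, internal subnets are
! 10.10.0.0/16, and the VPN product listens on UDP/4500.
!
! --- Physical port: carries the trunk only, no address or nameif of its own ---
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! --- VLAN 2: third-party VPN server ---
interface Ethernet0/2.2
 description ### Link to Third Party VPN Server ###
 vlan 2
 nameif vpnsrv
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
! --- VLAN 3: reserved for the new project ---
interface Ethernet0/2.3
 description ### RSVD for New Project ###
 vlan 3
 nameif project
 security-level 50
 ip address 172.16.2.1 255.255.255.0
!
! --- Keep the server's public address: one-to-one static (pre-8.3 syntax) ---
static (vpnsrv,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255
access-list outside_in extended permit udp any host 203.0.113.10 eq 4500
access-group outside_in in interface outside
!
! --- Server (security 50) to internal subnets (security 100) needs an ACL;
!     with nat-control off (the default) no translation is needed inside ---
access-list vpnsrv_in extended permit ip host 172.16.1.10 10.10.0.0 255.255.0.0
access-group vpnsrv_in in interface vpnsrv
!
! --- Internal subnets sit behind the 4507: a static route, not a default ---
route inside 10.10.0.0 255.255.0.0 10.0.0.2 1
!
! --- If the server is instead moved behind the 4507 (the second diagram),
!     the ASA side is only a route to the indirect subnet plus the same
!     static on the inside interface. The ASA can then reach the server,
!     but the 4507 still needs a path back to the ASA for the server's
!     Internet-bound traffic, which is the limitation the reply describes. ---
! route inside 172.16.1.0 255.255.255.0 10.0.0.2 1
! static (inside,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255
!
! --- Checks: subinterface state, routing table, and the NAT/ACL path ---
! show interface ip brief
! show route
! packet-tracer input outside udp 198.51.100.5 40000 203.0.113.10 4500 detailed
```

Paste the uncommented lines in configuration mode; the switch port facing Ethernet0/2 must be an 802.1Q trunk carrying VLANs 2 and 3. The `packet-tracer` line (assumed source 198.51.100.5) walks an inbound packet through the static and the outside ACL and reports the interface it would exit on, which is the quickest way to confirm the return path before moving the server. On ASA 8.3 and later the `static` line is replaced by object NAT, and the interface and route commands are unchanged.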