Recently installed an ASA 5509 to protect an iSeries webserver on the internal network. Ended up having to change the default gateway of the iSeries to the inside address of the ASA in order for the outside world to access the website.
Since we did that, I have a remote office that had a vpn tunnel and could access the iSeries that is now not able to. My question is, do I now need to set up a site to site vpn tunnel between the linksys router in the remote office and the ASA box in order to make this work, and if so how do I do it?
A few questions so this is more clear. I guess the ASA replaced another piece of equipment? The remote office had a vpn tunnel to this other piece of equipment? What access does the remote site need to the iSeries, I guess they need more than www?
Sorry, I should have provided more info. The ASA didn't take the place of anything, it was put in place in addtion to a Linksys VPN router. The remote office had a vpn tunnel to the linksys vpn router. THe iseries gateway was set to this router. The remote office needs access to the iseries for payroll.
I'm assuming I will have to create a new tunnel. The iSeries is at 172.20.5.7 and it used to have a gateway of 172.20.5.2 (linksys router). It now has 172.20.5.75 (ASA) as the gateway. Had to set it like this to get the outside world to be able to see the website on the iSeries.
Before I did this, there was a remote office 172.20.6.0 network that has a linksys router 172.20.6.2 that had a site to site vpn tunnel that allowed 172.20.6.0 network to access the iSeries. Since I changed that default gateway, this doesn't work anymore.
So my thought is that tunnel needs to be recreated between the 172.20.6.2 router and the 172.20.5.75 ASA. Correct?
Another option is to allow same-security-traffic intra-interface on the ASA. This would allow traffic to bounce off inside interface of ASA towards original tunnel. All you would have to do is add an inside route on the ASA. You do not have to create a new tunnel in this situation if you don't want to.
Yes friend you have to set a site-to-site tunnel with a linksys router bec you have change or remove the first firewall and sure you change the ip address so you need to define the new peer in both sites , or if you have just one computer or less than 3 you can configure your ASA for easy vpn server and install the cisco vpn client sofware on that computers instead of configuring site-to-site betw linksys router and asa , how to do that it is a long configuration frined and you have to now about both asa and linksys router and make sure that your linksys router can configured with the ipsec functionality
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...