I have a small network office with network range 192.168.1.0/24. It currently has a basic setup of router -> firewall -> switches, and I'd like to keep the network as simple as possible.
The router is an 1800 series, but the firewall is another brand. The local default gateway is on the inside of the currently in place firewalls, but I would like to add a Cisco ASA to the existing setup for terminating my VPNs on.
I would like this ASA to have the outside interface configured in the 192.168.1.0/24 and NAT that address on the Cisco router. I will then add a route on the currently in place firewalls to send any traffic I want to go over my VPNs to the outside interface of my ASA, which will then route it back out of the outside interface over the VPN.
Essentially, what I'm asking is, can I just configure the outside interface, stick "same-security-traffic permit intra-interface" on there, and configure my VPNs as usual?
Just seems a bit strange to me not having any of the other interfaces configured and just patching in the outside interface... but this may be completely usual.
I don't want to change any of my current setup, or move my default gateway from the currently in place firewall. I simply want to hang my ASA off either a switch or the currently in place firewall and put a route on there directing any VPN traffic to the ASA.
Essentially the setup will look something like this:
In this instance, the switch on 192.168.1.4 will have the following route:
ip route 10.10.0.0 255.255.255.0 192.168.1.5
so that any traffic destined for the remote office gets routed to the ASA. The ASA will then send the traffic back out the same interface over the VPN to the remote office. I am planning to assign a static translation on the router as you mentioned.
My main concern was the traffic coming in and out of the ASA on the same interface, but I'm guessing the "same-security-traffic permit intra-interface" will take care of that. As I said, it just seems like a strange setup to me only having the outside interface patched in and configured.
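Added example (not from the original thread) of what the hairpin setup described above could look like on the ASA together with the router's static translation. It assumes ASA 8.3 or later NAT syntax, GigabitEthernet0/0 as the only patched (outside) port, 192.168.1.1 as the existing firewall's inside address that the ASA uses as its gateway, and placeholders for the peer address, the pre-shared key and the router's public address.

```cisco
! --- ASA (8.3+ syntax assumed): only the outside interface is patched in ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.1.5 255.255.255.0
!
! Gateway on the LAN (assumed to be the existing firewall's inside address)
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
!
! Let traffic enter and leave the same interface (the hairpin the question asks about)
same-security-traffic permit intra-interface
!
object network LOCAL-LAN
 subnet 192.168.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.10.0.0 255.255.255.0
!
! Identity (no-NAT) rule so LAN-to-remote traffic enters the tunnel untranslated
nat (outside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp
!
! IKEv1 site-to-site tunnel; peer and key are placeholders
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
!
crypto ipsec ikev1 transform-set TS-AES256-SHA esp-aes-256 esp-sha-hmac
! Interesting traffic: local LAN to the remote office
access-list VPN-TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.255.0
!
crypto map OUTSIDE-MAP 10 match address VPN-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer <REMOTE-PUBLIC-IP>
crypto map OUTSIDE-MAP 10 set ikev1 transform-set TS-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
tunnel-group <REMOTE-PUBLIC-IP> type ipsec-l2l
tunnel-group <REMOTE-PUBLIC-IP> ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-PSK>
!
! --- Cisco 1800 router: one-to-one translation so IKE/ESP from the peer reaches the ASA ---
ip nat inside source static 192.168.1.5 <ROUTER-PUBLIC-IP-FOR-ASA>
```

Because the ASA sits behind the 1800's NAT, the peers will negotiate with NAT-T (UDP 4500 alongside UDP 500), which the one-to-one static translation passes through. The existing firewall or switch then only needs the `ip route 10.10.0.0 255.255.255.0 192.168.1.5` route from the post to steer remote-office traffic at the ASA.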