Don't know which technology to utilize or how to configure ASA5505
I have an ASA5505. Currently, it is using static NAT on several ports to forward traffic to several devices inside my network. It is a pain not only to configure but from the end user side.
The issue I am having is the applicatoins I am using to access the devices become a mess with dual configurations, one for when I am connected to the internal network and one for when I am away from the office and accessing from the internet. For example, I have 2 Cisco VC240 IP Cameras behind the ASA5505. One is set use port 9091 and the other 9092. When I am inside the office, I access them via http://10.1.2.215:9091 and http://10.1.2.216:9092. But when I am away from the office, I have to have another configuration in an Android app to use them, http://external_ASA_IP:9091 and 9092 and then NAT 9091 to the object for Camera1 and 9092 for Camera2. This is only one scenario. I also have a UC320W that I would like to put an IP phone at home and it sounds like AnyConnect is the only way to do this.
It sounds like to me that if I use some type of VPN, I can access the same devices using the same IP whether internal or external with the external connection using the VPN to tunnel the IP to the local network. There seems to be quite a few ways to do this with an ASA 5505.
AnyConnect seems like the way to go but after reading Cisco documentation, it requires your Android device to be root'd if it is not a particular Samsung model. If I understand correctly, root'ing your phone voids the warranty. I know it is common practice but would think Cisco would have a better solution as I am sure Cisco would not want another manufacturer telling their customers to void the warranty on their Cisco equipment in order to get it to work.
I believe I can just use IPSEC and use the native VPN of the Android OS and also tunnel L2TP as the Android supports IPSEC-PSK/L2TP or IPSEC-CRT/L2TP. But will either of these will support the IP phone to the UC320W?
A friend also told me to use NginX to proxy URL's so the URL http://www.fqdn.com/camera1 gets proxy'd to the internal IP of Camera1 and http://www.fqdn.com/camera2 gets proxy'd to Camera2. He says I should be able to store a cookie on the phone and let the phone authenticate to the camera and if the phone cannot, the proxy can authenticate internally to the IP camera over SSL.
I don't know anymore, I am so confused and just want to simplify my life as I am just a small business with me and a couple other employees but I have full-time job and it is not IT/Network Technician, it is only CTO/CEO/CIO/CFO. I don't have hours upon hours to set this up and test and I don't have hours upon hours to manage it. I just need to simplify this and have so that it is a set-it-and-forget-it for 6 months to 1 year and re-evaluate or update. So, if someone suggests IPSEC, I would not know how to configure anyway and you should expect another post. The same for AnyConnect or any of the other suggestions.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :