cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
295
Views
0
Helpful
3
Replies

Remote Access VPN Setup

John Apricena
Level 1
Level 1

Hello Support,

I have a question regarding a remote access VPN setup with the following. I have a Cisco 6500 with multiple VLANs, and an FWSM setup in mutliple context mode. Each of our clients sits behind their own context, and has their own associated VLANs. Each context has a shared interface, so that one network (our management network) can see all of the networks. We are using a Cisco ASA to terminate P2P VPNs as the FWSms cannot do so, but I would like to setup a remote access VPN from the ASA, but I will need to connect in and have access to all networks. Currently the ASA has an outside interface for internet, two client inside interfaces, and one interface on the shared network.

If I setup a remote access VPN from the ASA with a separate scope will I be able to see all the networks that I setup routes and nonats for or is there more to it?

I provided a brief diagram showing all the vlans, I will need to be able to access all of the 6500s vlans when connected using the VPN.

Thanks in advance for all ideas, suggestions, and assistance.

2 Accepted Solutions

Accepted Solutions

Julio Carvajal
VIP Alumni
VIP Alumni

Hello John,

You will need to configure the respective IP Address pool for the Anyconnect users,

Then create the no_nat rules from all of the internal subnets to the Anyconnect Pool.

That should do it bud . I mean just make sure the internal network (core) knows that in order to reach the anyconnect pool must send the traffic to the ASA.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Hello,

Cool,

Keep us posted and remember to rate all of the posts

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

Hello John,

You will need to configure the respective IP Address pool for the Anyconnect users,

Then create the no_nat rules from all of the internal subnets to the Anyconnect Pool.

That should do it bud . I mean just make sure the internal network (core) knows that in order to reach the anyconnect pool must send the traffic to the ASA.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thank Julio.

I have an outage this weekend, that I'm doing a few other things, so I will bring it up then and let you know if any issues come up, thanks!

Hello,

Cool,

Keep us posted and remember to rate all of the posts

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: