Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

VPN Help


I have a server on a remote network that I would like to connect to when I am on the road. When I am on my own network I connect without issue, but on the road I cannot establish a connection due to the ACL on the remote firewall.

I have setup a VPN tunnel on my ASA 5510. It uses a DHCP pool of two public addresses that are permitted into the remote network. The IP addresses are assigned to my VPN adapter when I connect.


Can I use my ASA as a relay to this remote network? And if so, what are the key steps to setting it up?


Re: VPN Help

Your current setup will not work.

What you need to do is configure the VPN pool of addresses for your internal network. Then configure the VPN to tunnel ALL traffic. The you configure VPN Hairpining - effectivly this will allow all your internal/external traffic to be encrypted over the VPN client. Once the traffic is recevied by your ASA - your internal traffic will be passed out of your inside interface. The internet traffic will pass out the outside interface. once it passes out your outside interface it will be natt'd to your external IP addresses - and the remote end will allow you access.


Community Member

Re: VPN Help

Will it be encrypted going out to the remote site if there is not an existing L2L tunnel between us?

Re: VPN Help


Community Member

Re: VPN Help

Hi Alex,

I am new to the forum and was unaware you held "Ask the expert" discussions. I would just like to say that it is a fantastic idea and would like to express how impressed I am with this forum and the quality of it's members, keep up the great work.

My query is ::::

I have cisco pix platform 6.3 version in my organisation working with default zones(inside,outside&DMZ) Now as per migration project ..we do want to migrate from current platform to Juniper paltform But i am getting stuck how to distinguish the policies on cisco paltform and groups and network objcets ??

As on juniper platform we need to apply access rule from one zone to other zone and it's very much specified but in cisco i m not able to findout the same separately ...??

It will be great help from your side if you reply me with your valuable inputs ???

Is there any software or migrating tool available in your paltform or others , pls ler me know ???

Awaiting for your reply

Thanking you very much


Leena Goyal

Re: VPN Help


There is no migration tool from a Cisco device to another vendor. There is a Cisco migration tool from PIX to ASA - this is not the same.

The groups are identifed by name and type. Objects in the groups are identified by the same.

The groups will be attached to access-lists

The access-lists will be attached to interfaces in a particular direction.


CreatePlease to create content