VPN to an ASA5505 behind Cisco 837 router?

ShouldKnowBetter · ‎12-21-2011

Hi...

I have been given an ASA5505 which I would ike to use as a VPN endpoint (so I can connect to my home network remotely), however it will be sitting behind a Cisco 837 Router which has the ISP negotiated public IP address on its dialer interface.

Is there a way to bridge this connection and have the IP address allocated on the outside interface of the ASA, so that I can terminate a VPN connection on it?

If it's any help the ATM and dialer interface configurations are shown below:

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface Dialer1

description $FW_OUTSIDE$

bandwidth 5000

ip address negotiated

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip inspect SDM_LOW out

ip ips sdm_ips_rule in

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

ppp chap hostname ******

ppp chap password ******

Regards....

cflory · ‎12-23-2011

I believe you could give your VLAN interface on the 837 a public IP, and set your Dialer interface as IP Unnumbered (assuming you have a block of IP's to choose from).

You could then set the ASA's default route to the IP you assigned for the VLAN interface, and assign the ASA an IP withing that block.

IP Unnumbered:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8d.shtml

HTH!

-Chris