Cisco Support Community
New Member

Recommended Configuration for ASA L2L VPN

I have an ASA 5505 that I would like to use to allow staff to VPN in to the main network.

However, our current firewall is not to be replaced. The ASA must go on the network as an addition.

I have run a line to the ASA and given it a public ip address on the outside interface and have been trying to configure the rest of it, but I am running into many problems.

I can't seem to find a document showing an ASA as an alternate entry point to the network (that is, 2 separate firewalls to the same network).

Can anyone point me in the direction of documentation that might help?

4 REPLIES

Re: Recommended Configuration for ASA L2L VPN

Re: Recommended Configuration for ASA L2L VPN

Hi,

In addition to Colojn's helpful link for configurations, here are my 2 cents.

"I can't seem to find a document showing an ASA as an alternate entry point to the network (that is, 2 separate firewalls to the same network)"

Connect the ASA parallel to the existing fw (with inside IP matching the internal LAN segment IP) and configure it as a Remote Access VPN server. Add the necessary routes to the internal network (if no dynamic routing is being used). Deploy users' laptops with the VPN client with the ASA public IP as 'host IP'. That's it.

hth

MS

New Member

Re: Recommended Configuration for ASA L2L VPN

I have been trying a few things and it still does not work correctly.

I have tried transforming the remote network's IP range so that it looks "local" to the network the client is connecting to, but the ASA doesn't answer ARP requests when the servers try and send data back to the remote client.

I then tried to transform the remote network to an "off subnet" to the main network and add a route to the Layer 3 switch all the hosts are connected to, but then the Layer 3 switch just sends the servers an ICMP redirect.

Re: Recommended Configuration for ASA L2L VPN

--> So when you are "off subnet" (which is strongly recommended) users are connecting but having trouble reaching out to servers behind the L3 device. You might be missing a route somewhere. If you post the configs someone will definitely be able to help you with the issue.

hth

MS
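The "parallel ASA as remote-access VPN server with an off-subnet pool" layout that MS describes, and the static route on the L3 switch that the asker's second attempt needs, as an added configuration example. This is not a configuration from the thread or from Cisco; every address, object name and interface below is an assumption chosen for illustration (internal LAN 192.168.0.0/16 with the L3 switch at 192.168.1.1, the ASA inside address 192.168.1.2, a VPN client pool of 10.10.20.0/24), and the IKE policy, tunnel-group and pre-shared key are left out because they follow the standard remote-access VPN guide linked earlier in the thread. Syntax is ASA 8.3+ style NAT; on an older 8.2 image the NAT exemption is the `nat 0 access-list` form instead.

```text
! ----- ASA 5505 (assumed addresses; parallel to the existing firewall) -----
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address <public-ip-placeholder> 255.255.255.248
!
! Default route toward the ISP on the outside interface (next hop assumed).
route outside 0.0.0.0 0.0.0.0 <isp-gateway-placeholder> 1
!
! Return route for the whole internal LAN via the L3 switch. Without this the
! ASA only knows the directly connected 192.168.1.0/24 segment and cannot
! reach servers on other VLANs behind the switch (the "missing route" case).
route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
!
! VPN client pool kept OFF the internal subnet, as recommended in the reply.
ip local pool VPN_POOL 10.10.20.1-10.10.20.50 mask 255.255.255.0
!
! Identity NAT so inside <-> VPN client traffic is not translated. no-proxy-arp
! keeps the ASA from answering ARP on the inside segment for the pool range;
! routing is done by the static route on the L3 switch instead.
object network INSIDE_NET
 subnet 192.168.0.0 255.255.0.0
object network VPN_POOL_NET
 subnet 10.10.20.0 255.255.255.0
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL_NET VPN_POOL_NET no-proxy-arp route-lookup
!
! Split tunnel: only the internal LAN goes through the VPN.
access-list SPLIT_TUNNEL standard permit 192.168.0.0 255.255.0.0
group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! tunnel-group / crypto ikev1 / dynamic crypto map omitted (per the RA VPN guide).

! ----- L3 switch (IOS, assumed SVI) -----
! The route the second attempt in the thread needs: send the VPN pool back to
! the ASA inside address rather than to the existing default firewall.
ip route 10.10.20.0 255.255.255.0 192.168.1.2
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ! The ICMP redirect seen in the thread is expected here: the switch receives a
 ! packet for 10.10.20.x from a server on Vlan1 and forwards it back out the
 ! same VLAN to 192.168.1.2, so it tells the server about the shorter path.
 ! The packet is still forwarded; this only suppresses the redirect message.
 no ip redirects
```

The two things worth checking before posting configs, as the last reply suggests, are that `show route` on the ASA lists the internal LAN via 192.168.1.1 and that `show ip route` on the switch lists 10.10.20.0/24 via 192.168.1.2; if either is missing, replies from servers on VLANs other than the ASA's own segment will go to the existing firewall and never reach the VPN client.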
