01-12-2009 09:23 AM - edited 02-21-2020 03:12 AM
I have an ASA 5505 that I would like to use to allow staff to VPN in to the main network.
However, our current firewall is not to be replaced. The ASA must go on the network as an addition.
I have run a line to the ASA and given it a public IP address on the outside interface and have been trying to configure the rest of it, but I am running into many problems.
I can't seem to find a document showing an ASA as an alternate entry point to the network (that is, 2 separate firewalls to the same network).
Can anyone point me in the direction of documentation that might help?
01-12-2009 02:11 PM
Here's a bunch of configuration examples:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html#anchor10
01-13-2009 06:48 AM
Hi,
In addition to Colojn's helpful link for configurations, here are my 2 cents.
"I can't seem to find a document showing an ASA as an alternate entry point to the network (that is, 2 separate firewalls to the same network)."
Connect the ASA parallel to the existing fw (with the inside IP matching the internal LAN segment IP) and configure it as a Remote Access VPN server. Add the necessary routes to the internal network (if no dynamic routing is being used). Deploy users' laptops with the VPN client, with the ASA public IP as 'host ip'. That's it.
hth
MS
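The layout described in the reply above, sketched as an added example; it is not configuration from the thread or from Cisco's documents. It assumes ASA software 8.0-8.2 syntax (pre-8.3 NAT) and the IPsec VPN client. All names, addresses and the `<...>` placeholders are constructed: inside LAN 10.10.10.0/24, L3 switch 10.10.10.1, ASA inside 10.10.10.2, internal networks 10.10.0.0/16, VPN pool 10.99.0.0/24.

```cisco
! ASA inside interface sits on the existing LAN segment, beside the other firewall
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.10.2 255.255.255.0
!
! Client pool on its own subnet, not overlapping any internal network
ip local pool STAFF-POOL 10.99.0.10-10.99.0.100 mask 255.255.255.0
!
! Static routes: internal networks via the L3 switch, everything else via the ISP
route inside 10.10.0.0 255.255.0.0 10.10.10.1
route outside 0.0.0.0 0.0.0.0 <ISP-GATEWAY>
! The return path must exist on the L3 switch as well (IOS syntax, on the switch):
!   ip route 10.99.0.0 255.255.255.0 10.10.10.2
!
! Do not translate traffic between the internal networks and the VPN pool
access-list NONAT extended permit ip 10.10.0.0 255.255.0.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! IKE phase 1 and IPsec phase 2 for remote-access clients
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map STAFF-DYN 10 set transform-set AES256-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic STAFF-DYN
crypto map OUTSIDE-MAP interface outside
!
! Tunnel only the internal networks; other client traffic stays off the VPN
access-list SPLIT standard permit 10.10.0.0 255.255.0.0
group-policy STAFF-GP internal
group-policy STAFF-GP attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
!
! Group the VPN clients connect to; users authenticate against LOCAL by default
tunnel-group STAFF type remote-access
tunnel-group STAFF general-attributes
 address-pool STAFF-POOL
 default-group-policy STAFF-GP
tunnel-group STAFF ipsec-attributes
 pre-shared-key <GROUP-KEY>
```

Hosts that share the ASA's inside subnet and use the L3 switch as their default gateway will be sent ICMP redirects toward 10.10.10.2 for the pool, because the switch forwards that traffic back out the interface it arrived on.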
01-13-2009 09:18 AM
I have been trying a few things and it still does not work correctly.
I have tried transforming the remote network's IP range so that it looks "local" to the network the client is connecting to, but the ASA doesn't answer ARP requests when the servers try and send data back to the remote client.
I then tried to transform the remote network to an "off subnet" to the main network and add a route to the Layer 3 switch all the hosts are connected to but then the Layer 3 switch just sends the servers an ICMP redirect.
01-13-2009 12:01 PM
--> So when you are "off subnet" (which is strongly recommended) users are connecting but having trouble reaching out to servers behind the L3 device. You might be missing a route somewhere. If you post the configs, someone will definitely be able to help you with the issue.
hth
MS