
Recommended Configuration for ASA L2L VPN

Keyman009
Level 1

I have an ASA 5505 that I would like to use to allow staff to VPN in to the main network.

However, our current firewall is not to be replaced. The ASA must go on the network as an addition.

I have run a line to the ASA and given it a public ip address on the outside interface and have been trying to configure the rest of it, but I am running into many problems.

I can't seem to find a document showing an ASA as an alternate entry point to the network (that is, 2 separate firewalls to the same network).

Can anyone point me in the direction of documentation that might help?

4 Replies

Collin Clark
VIP Alumni

Hi,

In addition to Colojn's helpful link for configurations, here are my 2 cents.

"I can't seem to find a document showing an ASA as an alternate entry point to the network (that is, 2 separate firewalls to the same network)."

Connect the ASA parallel to the existing fw (with inside IP matching the internal LAN segment IP) and configure it as a Remote Access VPN server. Add the necessary routes to the internal network (if no dynamic routing is being used). Deploy users' laptops with a VPN client with the ASA public IP as 'host ip'. That's it.

hth

MS

I have been trying a few things and it still does not work correctly.

I have tried transforming the remote network's IP range so that it looks "local" to the network the client is connecting to, but the ASA doesn't answer ARP requests when the servers try to send data back to the remote client.

I then tried to transform the remote network to an "off subnet" to the main network and add a route to the Layer 3 switch all the hosts are connected to but then the Layer 3 switch just sends the servers an ICMP redirect.

--> So when you are "off subnet" (which is strongly recommended), users are connecting but having trouble reaching out to servers behind the L3 device. You might be missing a route somewhere. If you post the configs, someone will definitely help you with the issue.

hth

MS
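
The three return-path situations discussed in this thread (pool made to look "local", pool "off subnet" with no usable route, and pool "off subnet" with a route that triggers an ICMP redirect) can be told apart from the addressing alone. The following is an added example, not code from any poster or from Cisco; the function name, result strings and all addresses are constructed for illustration.

```python
import ipaddress as ip

def diagnose_return_path(server_ip, asa_inside_ip, asa_lan, vpn_pool, gw_routes):
    """Classify how a server's reply gets back to a VPN client address.

    asa_lan   : segment the ASA inside interface sits on (hypothetical values)
    vpn_pool  : addresses the remote clients appear as on the inside
    gw_routes : (prefix, next_hop) routes on the servers' gateway (the L3 switch)
    """
    lan, pool = ip.ip_network(asa_lan), ip.ip_network(vpn_pool)
    asa, server = ip.ip_address(asa_inside_ip), ip.ip_address(server_ip)
    if asa not in lan:
        return "asa-inside-not-on-lan"
    if pool.overlaps(lan):
        # Servers treat clients as on-link and ARP for them, so replies
        # only arrive if the ASA answers ARP on the clients' behalf.
        return "pool-on-lan-needs-proxy-arp"
    routes = [(ip.ip_network(p), ip.ip_address(nh)) for p, nh in gw_routes]
    covering = [(net, nh) for net, nh in routes if pool.subnet_of(net)]
    if not covering:
        return "no-route-to-pool"
    # Longest-prefix match decides where the gateway sends replies.
    _, next_hop = max(covering, key=lambda r: r[0].prefixlen)
    if next_hop != asa:
        # Typically the default route: replies leave via the other firewall.
        return "return-route-not-via-asa"
    if server in lan:
        # Gateway forwards back out the interface the packet arrived on,
        # so it also sends the server an ICMP redirect pointing at the ASA.
        return "icmp-redirect-expected"
    return "routed-via-asa"

if __name__ == "__main__":
    # Constructed sample: ASA inside 192.168.1.2, existing firewall 192.168.1.1.
    default = [("0.0.0.0/0", "192.168.1.1")]
    with_route = default + [("10.99.0.0/24", "192.168.1.2")]
    cases = [
        ("192.168.1.10", "192.168.1.200/29", default),
        ("192.168.1.10", "10.99.0.0/24", default),
        ("192.168.1.10", "10.99.0.0/24", with_route),
        ("192.168.2.10", "10.99.0.0/24", with_route),
    ]
    for server, pool, routes in cases:
        print(server, pool, diagnose_return_path(
            server, "192.168.1.2", "192.168.1.0/24", pool, routes))
```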
