Solved: ASA 5505 LAN-to-WAN site-to-site VPN

fusionreaktor · ‎01-04-2012

Hi

I need to set up a site-to-site VPN on ASA 5505 (ASA version 8.4) on a private IP address range to a third party who have are using internet routable IP addresses for the remote LAN.

E.g. in the Protected Networks settings

Local Network: 192.168.1.0/24

Remote Network: 1.1.1.0/24

Is this possible?

Thanks

Julian

rizwanr74 · ‎01-04-2012

Yes, it is possible, use in the interesting traffic identifier ACL (i.e crypto ACL) the remote destination address is public address instead of a private address and your VPN remote peer's address is naturally public address if it goes over public-cloud. You may have an ACL on the inside interface, control (local LAN) access to remote tunnel end.

This setup is much similar to vpn tunning to banks over public-cloud.

Thanks

Rizwan Rafeek.

View solution in original post

rizwanr74 · ‎01-04-2012

Yes, it is possible, use in the interesting traffic identifier ACL (i.e crypto ACL) the remote destination address is public address instead of a private address and your VPN remote peer's address is naturally public address if it goes over public-cloud. You may have an ACL on the inside interface, control (local LAN) access to remote tunnel end.

This setup is much similar to vpn tunning to banks over public-cloud.

Thanks

Rizwan Rafeek.

fusionreaktor · ‎01-04-2012

Thanks

This prompted me to double-check my configuration and I found the remote network was set up incorrectly (I hadn't been given the correct information at the time).