Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1263
Views
0
Helpful
7
Replies

ASA 5505 VPN tunnel

Go to solution
Svetoslav Simeonov
Level 1
Level 1

‎09-04-2013 12:55 PM

Hello again,

can you please answer me some questions that have burned my head these days

1.Can i connect ASA5505 to a WRT54GL router in a VPN tunnel so that the WRT54GL is the endpoint that connects to the ASA?

2.If yes can you tell me please what firmware should i use and the steps that should i follow .

3.If no can you tell me what router should i use so that the VPN tunnel can be made.

Thanks!

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Mike Williams
Level 5
Level 5

‎09-08-2013 10:06 PM

Hi Svetoslav,

I understand you are asking if you can establish a site-to-site VPN between an ASA 5505 and the Linksys WRT54GL. Unfortunately, the WRT54GL does not support VPN termination. If you don't want to spend the money on another ASA 5505 (which I would recommend), you could look at the Cisco Small Business line of firewalls/routes, such as the RV320.

http://www.cisco.com/en/US/products/ps11997/index.html

Regards,

Mike

View solution in original post

0 Helpful

Go to solution
Mike Williams
Level 5
Level 5
In response to Svetoslav Simeonov

‎09-09-2013 05:37 PM

Thanks for the diagram, Svetoslav. In order to have a VPN between the two ASAs in this configuration, you will need to forward IP protocol 50 (ESP), UPD 500 and UDP 4500. Unfortunately, ESP cannot be port forwarded. You may be able to get this working if you setup the ASA as a "DMZ" device from the WRT54GL so that all unknown incoming traffic is forwarded to the ASA. This would be the only way to make this work.

Regards,

Mike

View solution in original post

0 Helpful

Go to solution
Mike Williams
Level 5
Level 5
In response to Svetoslav Simeonov

‎09-10-2013 12:24 PM

I'm glad you got it resolved. If your question was satisfactorily answered, please mark the thread as answered.

In regards to your question about whether or not the RV180W will act as a VPN endpoing, according to the datasheet the router supports "10 gateway-to-gateway IPSec tunnels", so it appears that it will work for your needs. Here is a link to the datasheet:

http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps11996/c78-697399_data_sheet.html

Regards,

Mike

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Svetoslav Simeonov
Level 1
Level 1

‎09-07-2013 07:40 AM

Any ideas ?

0 Helpful

Go to solution
Mike Williams
Level 5
Level 5

‎09-08-2013 10:06 PM

Hi Svetoslav,

I understand you are asking if you can establish a site-to-site VPN between an ASA 5505 and the Linksys WRT54GL. Unfortunately, the WRT54GL does not support VPN termination. If you don't want to spend the money on another ASA 5505 (which I would recommend), you could look at the Cisco Small Business line of firewalls/routes, such as the RV320.

http://www.cisco.com/en/US/products/ps11997/index.html

Regards,

Mike

0 Helpful

Go to solution
Svetoslav Simeonov
Level 1
Level 1
In response to Mike Williams

‎09-09-2013 02:44 AM

Hello again,

this should be done :

So i try to connect 2.Computer to 1.Computer in a Site-to-site VPN tunnel. That why i asked for a vpn tunnel ASA<->WRT54GL. I think it will be better if i put the second ASA5505 in front of the WRT54gl but there is no such option...

I use the VPN Wizard Site-to-site and >

1.For peer ip i put 77.77.27.100, for inside network i put 192.168.10.0

2.For peer ip i put 213.146.x.x for inside network i put 10.1.1.11 and 192.168.100.0

but when i try to ping ... no result ... request timeout...

Can you please help me and tell me what am i doing wrong. Thanks!

0 Helpful

Go to solution
Mike Williams
Level 5
Level 5
In response to Svetoslav Simeonov

‎09-09-2013 05:37 PM

Thanks for the diagram, Svetoslav. In order to have a VPN between the two ASAs in this configuration, you will need to forward IP protocol 50 (ESP), UPD 500 and UDP 4500. Unfortunately, ESP cannot be port forwarded. You may be able to get this working if you setup the ASA as a "DMZ" device from the WRT54GL so that all unknown incoming traffic is forwarded to the ASA. This would be the only way to make this work.

Regards,

Mike

0 Helpful

Go to solution
Svetoslav Simeonov
Level 1
Level 1
In response to Mike Williams

‎09-10-2013 12:14 PM

Hello Mike and thanks for the answer. I had success with the vpn tunnel between the ASAs. My boss saied that he will buy a cisco RV180w router ... my question is will the RV180w do the work to be an site-to-site endpoint to one of the ASAs. Thanks!

0 Helpful

Go to solution
Mike Williams
Level 5
Level 5
In response to Svetoslav Simeonov

‎09-10-2013 12:24 PM

I'm glad you got it resolved. If your question was satisfactorily answered, please mark the thread as answered.

In regards to your question about whether or not the RV180W will act as a VPN endpoing, according to the datasheet the router supports "10 gateway-to-gateway IPSec tunnels", so it appears that it will work for your needs. Here is a link to the datasheet:

http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps11996/c78-697399_data_sheet.html

Regards,

Mike

0 Helpful

Go to solution
Svetoslav Simeonov
Level 1
Level 1
In response to Mike Williams

‎09-10-2013 12:30 PM

Thanks Mike !

0 Helpful
Customers Also Viewed These Support Documents