Re: VPN Scenario…is it possible ????!!!!!

Amer Mohammad Abu zied · ‎10-14-2010

Dear all

I have the following situation to implement but I don’t know if it possible or not and the scenario as follows:

I have a Cisco ASA 5510 with base license and 2 different ISPs I want to connect the 1 ISP on the outside interface and the 2^nd ISP on a DMZ and there is 1 inside interface is it possible to make all users to surf the internet from outside and to terminate a site-to-site VPN on the DMZ (with real ip address) to access other remote site

Resources

and that’s all

And thanks in advance

kmittal · ‎10-14-2010

Hello Amer,

Yes the scenario you are trying is possible.

1. For Internet traffic and remote access vpn originating from inside your network to outside

route outside 0 0

pointing towards ISP 1.

2. Whereas for all the site 2 site vpn you would require to put static route for remote peer and remote internal network through DMZ interface

for eg :

route DMZ a.a.a.a 255.255.255.255 ( where a.a.a.a is remote peer)

route DMZ x.x.x.x mask < next hop > ( where x.x.x.x is remote internal network required to be accessed)

Note : for all the remote access vpn terminating on your firewallto access internal network use

route DMZ y.y.y.y mask ( where y.y.y.y is the ip pool of the remote access vpn)

Regards

Kumar Gaurav