Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN to ASA with a Private IP

Hello All,

I have an ISP that has given me a bunch of public IP's but my gateway is a private address.(point to point to the ISP Router).

I have attached this line to an ASA 5510.

What I want to do is

1) have the ASA with a Private IP on the Outside interface Using 1 Public IP as a VPN Server.

2) 1 Public IP as a Web Server and

3) the 3rd Public IP for surfing from the Inside Interface.

I have tried so far to get my first aim to work without success. I can't even get the ASA 5510 to reply to pings to any of the Public IP Addresses from the Outside that I have configured.

Is this at all possible ?

I have already configured something similar with a ASA 5510 that has a Public IP on the Outside interface - this made the job easy.

Please help.

Thanks

8 REPLIES
New Member

Re: VPN to ASA with a Private IP

This helps loads with the Ping but - can you also help with the Public - Private IP VPN bit too ?

Re: VPN to ASA with a Private IP

Once you've got the public IP assigned to the outside interface. Setting up the additional access should be pretty easy. All you need is a static statement and an ACL for inbound access to your webserver and you can use the outside interface of the firewall for outbound PAT.

This document should help:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

New Member

Re: VPN to ASA with a Private IP

Thanks Eddie - I will try this and let you know again in the morning - I am working in Germany . getting late here :-)

New Member

Re: VPN to ASA with a Private IP

Sorry eddie - this didn't solve my main problem - everything else is gone now though.....here a little drawing with a few exaple IP's in it - maybe this makes more sense of what I am trying to do

Re: VPN to ASA with a Private IP

So, you've got 12.12.12.1 assigned to the outside interface of your ASA?

Now all you need to do is configure a static and ACL to permit inbound access to your webserver:

static(inside,outside) 12.12.12.2 192.168.1.x netmask 255.255.255.255

access-list outside_in permit tcp any host 12.12.12.2 eq 80

access-group in interface outside

To allow outbound access from your internal clients (will use the outside IP address of the ASA for PAT) you need the following:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

I won't go into configuring a remote access VPN here, but this document should guide you:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml#cli

New Member

Re: VPN to ASA with a Private IP

Eddie,

Configured on the outside interface I have 10.250.250.5

So how do I assign the 12.12.12.1 to the same interface so that I can have the ASA accept IPSec connections to this IP ?

This is what I do not understand.

Re: VPN to ASA with a Private IP

I think you're only options here would be to set up a static NAT translation on your ISP router (12.12.12.1 -> 10.250.250.5)

(Not sure if this will work with VPN's though)

OR

Reconfigure the ASA to have 12.12.12.1 assigned to the outside interface.

154
Views
4
Helpful
8
Replies
CreatePlease login to create content