09-27-2013 12:45 AM - edited 03-04-2019 09:09 PM
Hi all
We have an ADSL router with the public IP on that; behind this we have an ASA firewall.
Is it possible to create a site-to-site tunnel if I NAT the correct ports to the ASA? If so, what ports would I need to NAT: GRE / ISAKMP, UDP500 etc.?
cheers
09-27-2013 01:59 AM
Yes, that can be done. But first you should check if you can change the DSL router to modem mode, where you have the public IP directly on the ASA. That would make things easier.
If it is not possible, then you have to forward UDP/500 and UDP/4500 to the ASA to make IPSec work. Or, for more flexibility in later changes, configure the ASA as an "exposed host" on the DSL router, to which all traffic that enters your network is forwarded.
09-27-2013 03:36 AM
By exposed host, do you mean to do a direct NAT for everything to the ASA?
09-27-2013 03:41 AM
Yes, that's the term that is often used in smaller DSL routers.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni