Cisco Support Community
New Member

Configuring Cisco ASA for site to site VPN (Issue with setting up local network)

OK, so our primary firewall is a Checkpoint gateway. Behind that we have a Cisco ASA for VPN users. I have a project at the moment where we need to connect to another company using site-to-site VPN through the Cisco ASA, as the Checkpoint gateway is unable to establish a permanent tunnel with the other company's Cisco ASA.

What would be the best practice for setting up the local network on my side? Create the network on the ASA and then use an L2 VLAN to connect to the core switch?

Set up an L3 interface on the core switch and point it towards the Checkpoint gateway, which would then point to the ASA?

When you have to select your local network through the site-to-site wizard, do you have to put the inside network address of the ASA?

Our network is set up like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet

The ASA is connected to a Checkpoint subinterface.

Any help would be beneficial as I'm new to Cisco ASAs.

Thanks

Mark
1 ACCEPTED SOLUTION

Hall of Fame Super Gold

Mark

If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use an L2 VLAN. But as I think a bit more, my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site-to-site VPN?

HTH

Rick

3 REPLIES

The Checkpoint firewall should be able to have a LAN-to-LAN tunnel to any brand of firewall. I would set up the network on the ASA and have an L2 VLAN to your switch.

New Member

Thanks Michael for your response. The checkpoint firewall cannot be used because it doesn't have the capability of sustaining a permanent tunnel. 

 

 

 

 
