nating do it only in the Internet router as i mentioned above to avoid complexity of having two nating

for packet filtering ( security ) allow only required ports from outside to the server in the DMZ and block other ports

good luck

Hello marwan

1)What address should be  configured on the vpn client software?in order to access the company?

2)is it recomended the lan switches/ASAs to be active active?

thanks

i am assuming the VPN terminate on the ASA

as i am not aware if you have public IPs or only the IP assigned to your internet router!

if you are going to use the internet router outside ip for VPN use the static nat (pat ) above and usethe router interface IP (outside) for VPN

if you want to use a seperate IP ( given to you by your ISP ) just make simple static nat as above but instead of usinginterface keyword in the command use the public IP:

ip nat inside static x.x.x.x y.y.y.y

x.x.x.x outsid eIP of AA

y.y.y.y public IP given to you by your ISP

fr redundeancy as i told you above you ca use the IP address of the second router (ISP) as a second option in the vpn client incase the first router or ISP gose donw you will have a backup link

nating config same concept exactly

good luck

Freind marwan!

Thanks for ur support on this threats,i ll write the config to notpad then submitt it to check it

Thanks

Happy new year marwan,

happy new year to you too

Hello marwan!

I Followed ur config and the site is up and running,thanks to y marwan and thanks to jon also

Appreciate

i am glad its working and also thanks for your rating as well

please mark this discussion as resolved to let other people know this is resolved when they do search here ( just trying to help )

Hello marwan

1)where can i mark this threats as resolved

2)i have similar threat by adding onother link for from each border router inside interface,i.e to be added onother redundant link,try to help if u can

thanks