How do I set up one ASA to send two VLANs over a VPN tunnel?

My job recently changed due to a relocation, so now I work from home.

I have one static IP through my ISP.  As a residential customer, I cannot get two statics on one DSL line and of course, I can't have both DHCP and Static on one line at the same time.  I am trying to figure this out without upgrading to a business line where two statics are allowed.

I currently use a VPN connection back to the office through my computer.  Now I need to add an ASA for an IP phone.

My computer and IP phone have to be on separate VLANs to work correctly.  How so I send both back to the office with only one Static IP? (two VLANs over one VPN tunnel)?
Who is Participating?
batry_boyConnect With a Mentor Commented:
Let's say the two VLAN's at your house are and and that you have a single network at the office which is  If the firewall at the main office has an IP address of, then here are the commands you could use to do this:

access-list outside_10_cryptomap extended permit ip
access-list outside_10_cryptomap extended permit ip
access-list inside_nat0_outbound extended permit ip
access-list inside_nat0_outbound extended permit ip
nat (inside) 0 access-list inside_nat0_outbound
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address outside_10_cryptomap
crypto map outside_map 10 set peer
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key <whatever_preshared_key_you_want_to_use>

If you don't want to use AES, then you can change it to 3DES or something else for the IPSEC and ISAKMP portions.
wilsjConnect With a Mentor Commented:
Do you have access to configure the VPN defice at your work place? What device is at your work place? The one static from your ISP is not a problem.

The VPN tunnel from your computer will have to transfer to the ASA and you will need some one on the other end if it isn't you to configure the VPN tunnel.

You will need the following for the ASA

crypto maps specifying the peer IP of your work place. ( firewall IP address) the encryption and acl to be passed through the tunnel(interesting traffic).
and a tunnel group specifying the IP address(if using version 7.0)
Acl specifying the traffic going to the work place(interesting traffic) You will also need the hosts from your work place that you need to talk to.

Basically to give step by step you need to give more information.
Do you have have access to configure the other device? If not can you get someone to set it up at the work place?
Do you know the hosts you need access to through the tunnel?
unitedtelcomAuthor Commented:
Thank you so much. My guys at the office tell me this is what they were looking for.  I'll be set up early next week with my phone in hand.

Thanks again for your time and effort!
Good luck!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.