Solved

Configuring site-to-site using Cisco ASDM

Posted on 2010-08-15
511 Views
Last Modified: 2012-05-10
Hi guys,
Please, I need to add servers to a site-to-site VPN on a Cisco ASA 5520. I have set up my side of the site-to-site using ASDM, and I have managed to connect to the remote site (third party), but I am struggling with adding the servers the third party is allowed to access on our network, i.e. I have 4 servers:
172.16.20.X/24
172.16.23.X/24
172.16.24.X/24
172.16.25.X/24
I have other servers on the network that have 172.16.x.x addresses, and the third party is not allowed to access them.
And the third party is also allowing us access to 4 of their servers:
10.20.16.X/24
10.20.17.X/24
10.20.18.X/24
10.20.16.X/24
I will be grateful if you can show me the step-by-step process of doing this using ASDM.

Thanks for the anticipated response.
Question by:lawrencedada
5 Comments
 

Expert Comment

by:Istvan Kalmar
ID: 33443179
Hi,

please refer this page:

http://www.petenetlive.com/KB/Article/0000072.htm

Best regards,
Istvan
 

Author Comment

by:lawrencedada
ID: 33451367
Thanks ikalmar, as I said in the post, I have configured the site-to-site; what I want to know is how to allow an external third party to access resources in our network. I may be wrong, but does that not involve:
• creating a network object group,
• creating an access list that permits/denies that group from what they are allowed/not allowed on the network
I have an idea of what I want to do, only that I am not very sure of how to go about it.
 

Expert Comment

by:Istvan Kalmar
ID: 33451901
Please show the whole config.
 

Accepted Solution

by: lawrencedada (earned 0 total points)
ID: 33461220
Thanks ikalmar,
I am sorry, it is not feasible to upload the config of this ASA; it is so big it would take me the whole day to edit and screen all the sensitive information in it. My opinion is that for what I was asking, you may not need the config to get it done.
Well, I managed to figure it out: to allow a particular server or subnet or VLAN, you need to click on NETWORK OBJECT GROUP and just add it, and to complete it you need to use the Access List tab residing within the Firewall area of ASDM, and just allow both in and out.

Yes, I have completed this, and up to this time the points will not be awarded, but I am waiting for the remote site guy to complete his own side of the VPN config. I will wait and see if there are any other questions I may ask that deserve the points being awarded; if you don't mind I will leave the problem open and ask any question that may come up.
 

Expert Comment

by:ffleisma
ID: 33470614
You can try adding an access list on your ASA.

Prevent third-party access to your network EXCEPT the 4 servers:
! ASA syntax (an ASA does not accept the IOS "ip access-list extended" form or wildcard masks).
! Replace <third-party subnet> <mask> with the remote network, e.g. 10.20.16.0 255.255.255.0.
access-list 3prty_to_internal extended permit ip <third-party subnet> <mask> host 172.16.20.x
access-list 3prty_to_internal extended permit ip <third-party subnet> <mask> host 172.16.23.x
access-list 3prty_to_internal extended permit ip <third-party subnet> <mask> host 172.16.24.x
access-list 3prty_to_internal extended permit ip <third-party subnet> <mask> host 172.16.25.x
! Implicitly denied anyway, but best practice to put it in so you can see the denied counter.
access-list 3prty_to_internal extended deny ip any any

Then apply the access list to the appropriate interface:
access-group 3prty_to_internal in interface outside

Hope it helps :-)

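The CLI equivalent of what the thread discusses (the object groups from the accepted answer, the ACL from the last comment), with the two pieces that actually limit a third-party LAN-to-LAN tunnel on an ASA: the crypto ACL that defines which local/remote pairs the tunnel carries, and a vpn-filter, which is enforced even though the default "sysopt connection permit-vpn" lets VPN traffic bypass interface ACLs such as the one applied with access-group above. This is an added example, not configuration from the thread or from any poster; it assumes ASA 8.2 (pre-8.3 NAT syntax, current in 2010), an existing crypto map called OUTSIDE_MAP with sequence 10, placeholder peer address and object/ACL/group-policy names, and that the 172.16.x.X/24 entries in the question are whole /24 networks (the question lists 10.20.16.X/24 twice, so only three distinct remote networks appear).

```cisco
! 1. Object groups for the networks each side may reach (the "NETWORK OBJECT GROUP" step in ASDM).
!    If the "servers" are single hosts, use "network-object host 172.16.20.10" style entries instead.
object-group network LOCAL_VPN_SERVERS
 network-object 172.16.20.0 255.255.255.0
 network-object 172.16.23.0 255.255.255.0
 network-object 172.16.24.0 255.255.255.0
 network-object 172.16.25.0 255.255.255.0
object-group network THIRDPARTY_SERVERS
 network-object 10.20.16.0 255.255.255.0
 network-object 10.20.17.0 255.255.255.0
 network-object 10.20.18.0 255.255.255.0

! 2. Crypto ACL: only these pairs are "interesting traffic" for the tunnel, so the rest of
!    172.16.0.0/16 is never encrypted towards the third party (and the peer cannot reach it).
access-list VPN_THIRDPARTY extended permit ip object-group LOCAL_VPN_SERVERS object-group THIRDPARTY_SERVERS
crypto map OUTSIDE_MAP 10 match address VPN_THIRDPARTY
crypto map OUTSIDE_MAP 10 set peer <THIRD_PARTY_PEER_IP>

! 3. NAT exemption for the same pairs (8.2 syntax), so the tunnel sees the real addresses.
access-list NONAT extended permit ip object-group LOCAL_VPN_SERVERS object-group THIRDPARTY_SERVERS
nat (inside) 0 access-list NONAT

! 4. vpn-filter: applied to decrypted traffic from this peer regardless of interface ACLs.
!    A LAN-to-LAN vpn-filter ACL is written from the remote side's perspective
!    (source = third-party networks, destination = local networks); it is checked both ways.
access-list THIRDPARTY_FILTER extended permit ip object-group THIRDPARTY_SERVERS object-group LOCAL_VPN_SERVERS
access-list THIRDPARTY_FILTER extended deny ip any any
group-policy THIRDPARTY_GP internal
group-policy THIRDPARTY_GP attributes
 vpn-filter value THIRDPARTY_FILTER
tunnel-group <THIRD_PARTY_PEER_IP> general-attributes
 default-group-policy THIRDPARTY_GP

! 5. Verify: hit counts on the filter, and the protected networks negotiated for the tunnel.
! show access-list THIRDPARTY_FILTER
! show crypto ipsec sa peer <THIRD_PARTY_PEER_IP>
```

If the third party's side proposes a wider local network than the crypto ACL allows, the tunnel will fail phase 2 with a proxy-identity mismatch, which is visible in "debug crypto ipsec"; both sides' ACLs need to be mirror images.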
