
VPN and web access from internal interface to public IP on outside interface

Posted on 2010-11-09
Last Modified: 2012-05-10
I am trying to see if it is possible to accomplish what I am trying. I have an ASA 5505 with the following setup.

1. There is an outside connection, connected to the ISP. Let's say that it is 10.1.1.1/24 for ease. There is a remote VPN setup that people access through this interface.

2. There is the inside network which is the normal LAN. This is the wired network in the office. Let's say that it is 172.20.0.1/24.

3. There is a wireless network on a separate VLAN called WLAN. It has an IP of 192.168.1.1/24. There is an ACL allowing traffic from this VLAN to the public internet.

Basically I would like users to be able to use the same VPN settings that they use when connecting from outside the office while connected to WLAN.

Also I would like them to be able to access the public IP addresses that I have NAT'd to internal servers. That way they can use the IP addresses that they use when on the public internet.

Can this be done?
Question by:ryan80
6 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 34102436
If I am understanding your requirements, you wish your Wireless clients to access the inside network through the VPN. I would try something like configuring their VLAN on the outside interface rather than the inside interface.
0
 
LVL 12

Author Comment

by:ryan80
ID: 34105443
That is correct. I want them to be able to reach the internal VLAN through the existing VPN.

Correct me if I am wrong, but isn't each VLAN treated as a separate interface?
0
 
LVL 28

Accepted Solution

by:
bgoering earned 1500 total points
ID: 34108510
Yes, you are right so scratch that. I was thinking more along the lines of putting the WLAN outside the firewall (like through a router or L3 switch). Then it wouldn't have to be routed or traverse the inside interface. At that point it should behave like any other outside address accessing the VPN.

How is the WLAN connected? Is it another VLAN on the ASA (like a DMZ), or is it a separate VLAN on your internal network?

It would probably be easiest if you can post a sanitized config of your ASA so I can determine your starting point. Change your public IP to 10.1.1.1 like in your description above. If passwords aren't encrypted, mask them.

0
 
LVL 12

Author Comment

by:ryan80
ID: 34111427
The WLAN is on a separate VLAN on the ASA. There are 3 VLANs on the ASA: the public outside, internal LAN, and the WLAN. I can post the config, but I am just trying to see if it is possible at this point in time.

I will sanitize the config and post it later, but may not have the chance until tomorrow.
0
 
LVL 12

Author Comment

by:ryan80
ID: 34116554
I haven't had a chance to sanitize the config yet, but I was told by someone else that by design you cannot access a VPN on an interface that you are not connected directly to. However, I can just apply the same crypto map to the other interface and then I hopefully can just use the VPN that way.

So I imagine that now they will just need to use the interface IP address of the WLAN interface.
0
 
LVL 12

Author Closing Comment

by:ryan80
ID: 34192523
Thanks for the help. As it turns out, you cannot access a VPN that is set on another IP interface. I applied the crypto map to the other interface and will just have to configure the VPN client to go to the other IP.
0
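
The fix described in the closing comment, as an added configuration sketch that is not from the original thread or the poster's ASA. `outside_map` is a placeholder crypto map name (the real name was never posted); `outside` and `WLAN` are the interface names from the question; the `crypto isakmp enable` form assumes ASA software earlier than 8.4 (later releases use `crypto ikev1 enable`).

```cisco
! Assumed existing state: the remote-access crypto map is bound to the
! outside interface only, so IKE/IPsec terminates only on that address.
crypto map outside_map interface outside
crypto isakmp enable outside
!
! Added: bind the SAME crypto map to the WLAN interface and enable ISAKMP
! there, so the ASA answers IKE on the WLAN interface address as well.
! Both lines are needed; the crypto map binding alone does not make the
! ASA listen for IKE negotiations on the new interface.
crypto map outside_map interface WLAN
crypto isakmp enable WLAN
!
! Checks after the change (exec mode):
!   show running-config crypto map   -> both "interface" bindings are listed
!   show crypto isakmp sa            -> a WLAN client's peer address shows up
!                                       once it connects
```

Clients on the wireless VLAN then point the VPN client at the WLAN interface address (192.168.1.1 in the question's addressing) instead of the public address, as the closing comment notes.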

Question has a verified solution.