Solved

mpls network / asa 5510 / ipsec

Posted on 2011-03-08
6
590 Views
Last Modified: 2012-05-11
Hi folks
I have an mpls circuit with out internet access.  I also have an ASA sitting behind the mpls router.

What do I need to do to in order to establish an IPSEC tunnel to another vendor?

Thanks,

0
Comment
Question by:vburshteyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 35072023
If all you are looking for is a basic site to site setup, then Cisco has the HOWTO right here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35072144
If the MPLS does not have Internet access then there is not much point in the ASA being there.

Is the other vendor accessible via the same private non-Internet MPLS Service?
0
 

Author Comment

by:vburshteyn
ID: 35072158
nope.

I guess for what i need i should get an outside ds3 line this way ill get an outside IP for my ASA.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 29

Expert Comment

by:pwindell
ID: 35072173
That's correct.  It would also be good if they had the same ASA on their end to simplify the IPSec setup,..although it may still be doable even if you mix brands.
0
 

Author Comment

by:vburshteyn
ID: 35072186
its a same model ASA sitting 5 feet from the one in question.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 35072195
If you do that then to keep the routing scheme synchronous the MPLS Router or some other LAN Router would be the Default Gateway for the LAN and likewise be the central routing "decision maker" for the LAN,...then it would only need  a Static Route on it that told it to use your ASA as he gateway to the other vendor's system.
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Layer 3 switch recommendation 15 98
TLS 1.0 & Windows 7 - How to disable? 16 237
Cisco ASA 5505 firewall open port 4 56
X.509 Cert Upload to Cisco WAP 6 56
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question