Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

mpls network / asa 5510 / ipsec

Posted on 2011-03-08
6
Medium Priority
?
593 Views
Last Modified: 2012-05-11
Hi folks
I have an mpls circuit with out internet access.  I also have an ASA sitting behind the mpls router.

What do I need to do to in order to establish an IPSEC tunnel to another vendor?

Thanks,

0
Comment
Question by:vburshteyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 35072023
If all you are looking for is a basic site to site setup, then Cisco has the HOWTO right here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35072144
If the MPLS does not have Internet access then there is not much point in the ASA being there.

Is the other vendor accessible via the same private non-Internet MPLS Service?
0
 

Author Comment

by:vburshteyn
ID: 35072158
nope.

I guess for what i need i should get an outside ds3 line this way ill get an outside IP for my ASA.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 29

Expert Comment

by:pwindell
ID: 35072173
That's correct.  It would also be good if they had the same ASA on their end to simplify the IPSec setup,..although it may still be doable even if you mix brands.
0
 

Author Comment

by:vburshteyn
ID: 35072186
its a same model ASA sitting 5 feet from the one in question.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 2000 total points
ID: 35072195
If you do that then to keep the routing scheme synchronous the MPLS Router or some other LAN Router would be the Default Gateway for the LAN and likewise be the central routing "decision maker" for the LAN,...then it would only need  a Static Route on it that told it to use your ASA as he gateway to the other vendor's system.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Considering cloud tradeoffs and determining the right mix for your organization.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question