Solved

mpls network / asa 5510 / ipsec

Posted on 2011-03-08
6
591 Views
Last Modified: 2012-05-11
Hi folks
I have an mpls circuit with out internet access.  I also have an ASA sitting behind the mpls router.

What do I need to do to in order to establish an IPSEC tunnel to another vendor?

Thanks,

0
Comment
Question by:vburshteyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 35072023
If all you are looking for is a basic site to site setup, then Cisco has the HOWTO right here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35072144
If the MPLS does not have Internet access then there is not much point in the ASA being there.

Is the other vendor accessible via the same private non-Internet MPLS Service?
0
 

Author Comment

by:vburshteyn
ID: 35072158
nope.

I guess for what i need i should get an outside ds3 line this way ill get an outside IP for my ASA.
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 29

Expert Comment

by:pwindell
ID: 35072173
That's correct.  It would also be good if they had the same ASA on their end to simplify the IPSec setup,..although it may still be doable even if you mix brands.
0
 

Author Comment

by:vburshteyn
ID: 35072186
its a same model ASA sitting 5 feet from the one in question.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 35072195
If you do that then to keep the routing scheme synchronous the MPLS Router or some other LAN Router would be the Default Gateway for the LAN and likewise be the central routing "decision maker" for the LAN,...then it would only need  a Static Route on it that told it to use your ASA as he gateway to the other vendor's system.
0

Featured Post

Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses
Course of the Month5 days, 20 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question