Create a VPN connection on Cisco ASA 5520

Posted on 2011-04-19
Last Modified: 2012-05-11
I have a Cisco ASA 5520 firewall and I am trying to create a VPN that will allow an outside support company for our school division's HVAC system to remote in and monitor/make changes to their controls when necessary.

Since this company that needs VPN access has an HVAC system in each of 5 different schools, I was told that one possible solution is to create a new VPN group with a new pool of IP addresses and then create rules that only allow those pool addresses to connect to the target private IP addresses. This way additional NATs are not needed for each location.

Can someone explain to me the process of how to set up this VPN on the Cisco ASA 5520 device? Please provide an explanation with some detail as opposed to just a general answer, as I am not intimately knowledgeable of this device at this point in time.

Thanks so much for your input.

Question by: skenny10

Accepted Solution

Presumably you have set up a site-to-site VPN where you defined an ACL:

    nonat permit IP mask ip_remote_pass

In this case you would use a host-based route:

    permit ip mask host ip1
    permit ip mask host ip2

Access list 90 will need to be limited to one IP.
The other option is to set up an ACL, i.e. not to add the nonat.

What type of VPN are you considering, site-to-site with restriction, or a remote-access type of VPN?
Do you use xauth with RADIUS such that part of the reply items can be the cisco-avpair, which will set what access the user has?

Cisco has many examples which you could adjust to meet your needs/requirements.
What about setting up an external port forward that can only be accessed from the HVAC location?
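The approach the question describes (a dedicated remote-access group with its own address pool, plus rules that let those pool addresses reach only the HVAC controllers) can be expressed as an ASA configuration. The fragment below is an added example written for this page, not configuration from the original post or from Cisco; it assumes ASA 8.2-era syntax (pre-8.3 NAT, IPsec/IKEv1 remote access), an inside network of 10.0.0.0/16, five constructed controller addresses (10.1.1.50 through 10.5.1.50), and the names HVAC-POOL, NONAT, HVAC-FILTER, HVAC-GP and HVAC-VPN, all of which are placeholders to adapt.

```cisco
! Dedicated address pool for the HVAC vendor's VPN clients (constructed range)
ip local pool HVAC-POOL 192.168.250.1-192.168.250.10 mask 255.255.255.0

! NAT exemption: traffic between the inside network and the pool must not be
! translated, otherwise the host-based rules below never match the pool addresses
! (pre-8.3 "nat 0" syntax; assumption about the running version)
access-list NONAT extended permit ip 10.0.0.0 255.255.0.0 192.168.250.0 255.255.255.0
nat (inside) 0 access-list NONAT

! vpn-filter ACL: limits what the pool clients may reach once connected.
! Note the direction: in a vpn-filter the source is the inside resource and the
! destination is the VPN client address, so one line per HVAC controller.
! The trailing deny is the least-privilege default.
access-list HVAC-FILTER extended permit ip host 10.1.1.50 192.168.250.0 255.255.255.0
access-list HVAC-FILTER extended permit ip host 10.2.1.50 192.168.250.0 255.255.255.0
access-list HVAC-FILTER extended permit ip host 10.3.1.50 192.168.250.0 255.255.255.0
access-list HVAC-FILTER extended permit ip host 10.4.1.50 192.168.250.0 255.255.255.0
access-list HVAC-FILTER extended permit ip host 10.5.1.50 192.168.250.0 255.255.255.0
access-list HVAC-FILTER extended deny ip any any

! Group policy that binds the pool and the filter to this vendor only
group-policy HVAC-GP internal
group-policy HVAC-GP attributes
 vpn-tunnel-protocol IPSec
 address-pools value HVAC-POOL
 vpn-filter value HVAC-FILTER

! Remote-access tunnel group the vendor's clients connect to
tunnel-group HVAC-VPN type remote-access
tunnel-group HVAC-VPN general-attributes
 address-pool HVAC-POOL
 default-group-policy HVAC-GP
tunnel-group HVAC-VPN ipsec-attributes
 pre-shared-key REPLACE-WITH-A-STRONG-KEY
```

Two points worth checking before relying on this: the vpn-filter ACL is evaluated with the inside host as the source and the client as the destination, so writing it "client to host" silently matches nothing; and because the vendor's clients land in their own pool, the same five-line filter covers all five schools without any per-site NAT, which is the reason the question's suggested design avoids extra translations. Verify the result with `show vpn-sessiondb` and `show access-list HVAC-FILTER` hit counts while a test client attempts both a permitted controller and an unrelated inside host.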
