Create a VPN connection on Cisco ASA 5520

Posted on 2011-04-19
Medium Priority
Last Modified: 2012-05-11
I have a Cisco ASA 5520 firewall and I am trying to create a VPN that will allow an outside support company for our school division's HVAC system to remote in and monitor/make changes to their controls when necessary.

Since this company that needs VPN access has an HVAC system in each of 5 different schools, I was told that one possible solution is to create a new VPN group with a new pool of IP addresses and then create rules that only allow those pool addresses to connect to the target private IP addresses. This way additional NATs are not needed for each location.

Can someone explain to me the process of how to set up this VPN on the Cisco ASA 5520 device? Please provide an explanation with some detail as opposed to just a general answer, as I am not intimately knowledgeable of this device at this point in time.

Thanks so much for your input.

Question by:skenny10

Accepted Solution

arnold earned 2000 total points
ID: 35429999
Presumably you have set up a site-to-site VPN where you defined an ACL
nonat permit IP mask ip_remote_pass

In this case you would use a host-based route
permit ip mask host ip1
permit ip mask host ip2


Access list 90 will need to be limited to one IP.
The other option is to set up an ACL, i.e. not to add the nonat.

What type of VPN are you considering, site to site with restriction, or remote type of VPN?
Do you use xauth with radius such that part of the reply items can be the cisco-avpair which will set what access the user has?

Cisco has many examples which you could adjust to meet your needs/requirements.
What about setting up an external port forward that can only be accessed from the HVAC location?
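As an added illustration of the "new VPN group with its own pool, plus rules that only allow the pool to reach the target hosts" approach from the question, here is a Cisco ASA configuration sketch. It is not part of arnold's answer or of the asker's configuration. It assumes a pre-8.3 ASA image (the `nat (inside) 0 access-list` exemption style the answer calls "nonat"), an existing ISAKMP policy, transform set and dynamic crypto map for remote-access clients on the outside interface, and that a vpn-filter ACL is written with the VPN client's assigned address as the source and the internal host as the destination. Every name, address, port and key below is a placeholder.

```text
! Added example, not the page's own config. All names/addresses are placeholders.
! Assumes ASA 8.2-style NAT and an existing remote-access crypto map.

! 1. Dedicated pool so the vendor's sessions are identifiable by address.
ip local pool HVAC_POOL 10.99.0.1-10.99.0.10 mask 255.255.255.0

! 2. Filter: pool addresses may reach only the HVAC controllers, nothing else.
!    Direction assumption: source = VPN client address, destination = internal host.
!    One line per school; the controller port here is assumed to be TCP/443.
access-list HVAC_VPN_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.1.50 eq 443
access-list HVAC_VPN_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.2.50 eq 443
access-list HVAC_VPN_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.3.50 eq 443
access-list HVAC_VPN_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.4.50 eq 443
access-list HVAC_VPN_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.5.50 eq 443
access-list HVAC_VPN_FILTER extended deny ip any any log

! 3. NAT exemption: internal traffic to/from the pool is not translated,
!    so no per-school static NAT is needed.
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list nonat

! 4. Group policy binds the pool and the filter; split tunnelling sends only
!    the school networks through the tunnel.
access-list HVAC_SPLIT standard permit 10.10.0.0 255.255.0.0
group-policy HVAC_GP internal
group-policy HVAC_GP attributes
 vpn-filter value HVAC_VPN_FILTER
 address-pools value HVAC_POOL
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value HVAC_SPLIT
 vpn-idle-timeout 30

! 5. Remote-access tunnel group for the vendor (IPsec/IKEv1 client).
tunnel-group HVAC_VENDOR type remote-access
tunnel-group HVAC_VENDOR general-attributes
 default-group-policy HVAC_GP
 authentication-server-group LOCAL
tunnel-group HVAC_VENDOR ipsec-attributes
 pre-shared-key REPLACE_WITH_STRONG_GROUP_KEY

! 6. Vendor account locked to this group so it cannot select a broader one.
username hvac_vendor password REPLACE_WITH_STRONG_PASSWORD
username hvac_vendor attributes
 vpn-group-policy HVAC_GP
 group-lock value HVAC_VENDOR
```

Two points worth checking after applying something like this: with `sysopt connection permit-vpn` at its default, decrypted VPN traffic bypasses the outside interface ACL, so the vpn-filter is the real enforcement point and its trailing `deny ip any any log` is what makes unexpected vendor traffic visible in syslog; and `show vpn-sessiondb remote` together with the hit counts in `show access-list HVAC_VPN_FILTER` confirm that a vendor session received a pool address and that only the five controller lines are accumulating hits.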

