Create a VPN connection on Cisco ASA 5520

I have a Cisco ASA 5520 firewall and I am trying to create a VPN that will allow an outside support company for our school division's HVAC system to remote in and monitor/make changes to their controls when necessary.

Since this company that needs VPN access has an HVAC system in each of 5 different schools, I was told that one possible solution is to create a new VPN group with a new pool of IP addresses and then create rules that only allow those pool addresses to connect to the target private IP addresses. This way additional NATs are not needed for each location.

Can someone explain to me the process of how to set up this VPN on the Cisco ASA 5520 device? Please provide an explanation with some detail as opposed to just a general answer, as I am not intimately knowledgeable of this device at this point in time.

Thanks so much for your input.


skenny10 (IT Manager) Asked:
arnold Commented:
Presumably you have set up a site-to-site VPN where you defined an ACL
nonat  permit IP mask ip_remote_pass

In this case you would use a host-based route:
permit ip mask host ip1
permit ip mask host ip2

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Access list 90 will need to be limited to one IP.
The other option is to set up an ACL, i.e. not to add the nonat.

What type of VPN are you considering, site-to-site with restriction, or a remote type of VPN?
Do you use xauth with RADIUS such that part of the reply items can be the cisco-avpair which will set what access the user has?

Cisco has many examples which you could adjust to meet your needs/requirements.
What about setting up an external port forward that can only be accessed from the HVAC location?
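As an added example (not from the thread and not arnold's configuration), this is how the approach described in the question (a dedicated VPN group with its own address pool, plus rules that let those pool addresses reach only the HVAC controllers) and arnold's host-based ACL suggestion would look as an ASA 8.4+ remote-access configuration. All addresses, object names and the group name are constructed assumptions, and the IKEv1 phase-1/phase-2 crypto settings (isakmp policy, dynamic crypto map, crypto ikev1 enable outside) are assumed to already exist.

```cisco
! Added example, ASA 8.4+ syntax. Every address below is constructed.
! Assumed: inside LAN 10.0.0.0/8 on "inside", one controller per school
! at the five hosts listed, remote-access IKEv1 crypto already configured.

! 1. Address pool used only by the HVAC vendor group (hypothetical range)
ip local pool HVAC-POOL 192.168.250.1-192.168.250.10 mask 255.255.255.0

! 2. Objects so the filter and NAT rules stay readable
object-group network HVAC-CONTROLLERS
 network-object host 10.1.10.50
 network-object host 10.2.10.50
 network-object host 10.3.10.50
 network-object host 10.4.10.50
 network-object host 10.5.10.50
object network HVAC-POOL-NET
 subnet 192.168.250.0 255.255.255.0
object network INSIDE-LAN
 subnet 10.0.0.0 255.0.0.0

! 3. vpn-filter ACL: written remote (pool) as source, local host as destination.
!    Only the five controllers are permitted; the implicit deny at the end
!    drops everything else the vendor tries to reach from the pool.
access-list HVAC-VPN-FILTER extended permit ip 192.168.250.0 255.255.255.0 object-group HVAC-CONTROLLERS

! 4. Group policy that attaches the filter to every session in this group
group-policy HVAC-SUPPORT internal
group-policy HVAC-SUPPORT attributes
 vpn-filter value HVAC-VPN-FILTER
 vpn-tunnel-protocol ikev1

! 5. The "VPN group" (tunnel group) tied to the pool and the policy
tunnel-group HVAC-SUPPORT type remote-access
tunnel-group HVAC-SUPPORT general-attributes
 address-pool HVAC-POOL
 default-group-policy HVAC-SUPPORT
tunnel-group HVAC-SUPPORT ipsec-attributes
 ikev1 pre-shared-key <REPLACE-WITH-STRONG-PSK>

! 6. One identity NAT for pool <-> LAN instead of a NAT rule per school
nat (inside,outside) source static INSIDE-LAN INSIDE-LAN destination static HVAC-POOL-NET HVAC-POOL-NET no-proxy-arp route-lookup
```

After applying, `show vpn-sessiondb remote` and `show access-list HVAC-VPN-FILTER` let you confirm the vendor's session receives the filter and that only the five controller entries accumulate hit counts.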

skenny10 (IT Manager), Author Commented:
thanks