Remote-Access & Site-Site VPN at a time in ASA Firewall

RAMU CH
RAMU CH used Ask the Experts™
on
HI,

Can we configure  Remote access VPN and Site-Site VPN tunnel in a same ASA 5510 firewall,if so pls send a refference document

Regards
Ramu
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Ron MalmsteadInformation Services Manager

Commented:
While I don't have a reference document.... I use both of these simultaneously all the time.

There can be conflicts however if the local subnet of a remote access user is the same as a remote site, where they aren't located.

Ron MalmsteadInformation Services Manager

Commented:
Tip: Be sure to backup your running firewall config before making any changes.

Author

Commented:
Yes You are right

If Remote End & VPN server end same Networks ,how can i troubleshoot, if conflict happens it will be trouble , Do we have to NAT  at Server end Network to some other Private N/w

Ex:
if actual (conflgict) N/w is 192.168.203.X /24 Nhas to atted to 172.16.203.0/24

Regards
Ramu
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Information Services Manager
Commented:
I would simply avoid using a 192.168.x.x network, or 10.1.x... for the internal LAN....
These are common client networks for many consumer firewall and router devices...including cable modems and dsl modems.

As long as you stick with a 172.x based network or something else unique ...internally, it will be HIGHLY unlikely that any home/remote user will have that same subnet.

The chances of conflict are low, and the ramnifications of a conflict are even less.

Author

Commented:
Hi ,

One more issue..

I have configured first SIte-Site VPN tunnel in ASA Firewall and later just now i have configured Remote-Access VPN . Before Remote VPN access configuraton Site-Site Tunnel is fine , after
Remote access VPN configuration , Site-Site tunnel gets down and Remote aceess VPN is working fine.

Pls find the attachment of the configuration and find out any tunnel parameters could be the issue for this ASA-FW-04AUG11-After-FIrst-Modif.TXT
Top Expert 2011

Commented:
You can have only one crypto map applied to the interface. You can not have both Outside_map and miro-map cryptomaps applied to same interface.

My suggestion is to use one cryptomap for both remote access and site-to-site
Top Expert 2011
Commented:
Here is what you need

crypto map miro-map 65535 ipsec-isakmp dynamic Outside_dyn_map


Then apply miro-map to the outside interface

Author

Commented:
Thanks , will do now & confirm you

Regards
Ramu
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial