Solved

ASA as gateway for a 2811 router that will be site site VPN

Posted on 2012-03-28
2
336 Views
Last Modified: 2012-04-05
Dear Experts,
I am in need to establish a site to site VPN between 2 cisco routers. One router does not have internet access. I need to make our ASA 5505 its gateway to the internet. I need to make the 2811 router visible in the internet. I have an external IP address I can give it in one of the interfaces (fa 0/0).

I am thinking of using one of the interfaces of the ASA5505 as a DMZ for the Cisco 2811. My questions are for the necessary commands to make this happen in both devices. Is this possible?
Here is an illustration attempted of what the idea looks like.

---voice and data --SA-router 2811¿----¿ ASA5505     VPN   internet  VPN    ASA5510 ¿--¿                                            
                                                                         HOU-router---voice and data traffic            

I only need this for one router by the way. I am more challenge in the asa5505 part.

We tried the site to site VPN between the firewalls but it didn’t work.

Regards, M
0
Comment
Question by:marceloNYC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
gbblaster earned 500 total points
ID: 37783080
There is no reason why a VPN between the firewalls wouldn´t work. Can you post the crypto map and isakmp settings along with the ACL that you associated with the tunnel?

If you gave up on the ASA---ASA VPN, then all you´d need to do on the ASA to assign a public IP address to the router  is a static translation on the ASA

static (DMZ,Outside) {public address} {internal router address}

then open inbound permits on the ASAs outside ACLs for vpn traffic wich include:

Protocol ESP
UDP 500
UDP 4500
0
 

Author Comment

by:marceloNYC
ID: 37806078
today what we are going to do is place a switch between the ISP and the firewall to split the internet access. That is how we are going to make the Router visible to the internet. Once is working will let you know.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question