Solved

ASA as gateway for a 2811 router that will be site site VPN

Posted on 2012-03-28
2
331 Views
Last Modified: 2012-04-05
Dear Experts,
I am in need to establish a site to site VPN between 2 cisco routers. One router does not have internet access. I need to make our ASA 5505 its gateway to the internet. I need to make the 2811 router visible in the internet. I have an external IP address I can give it in one of the interfaces (fa 0/0).

I am thinking of using one of the interfaces of the ASA5505 as a DMZ for the Cisco 2811. My questions are for the necessary commands to make this happen in both devices. Is this possible?
Here is an illustration attempted of what the idea looks like.

---voice and data --SA-router 2811¿----¿ ASA5505     VPN   internet  VPN    ASA5510 ¿--¿                                            
                                                                         HOU-router---voice and data traffic            

I only need this for one router by the way. I am more challenge in the asa5505 part.

We tried the site to site VPN between the firewalls but it didn’t work.

Regards, M
0
Comment
Question by:marceloNYC
2 Comments
 
LVL 2

Accepted Solution

by:
gbblaster earned 500 total points
ID: 37783080
There is no reason why a VPN between the firewalls wouldn´t work. Can you post the crypto map and isakmp settings along with the ACL that you associated with the tunnel?

If you gave up on the ASA---ASA VPN, then all you´d need to do on the ASA to assign a public IP address to the router  is a static translation on the ASA

static (DMZ,Outside) {public address} {internal router address}

then open inbound permits on the ASAs outside ACLs for vpn traffic wich include:

Protocol ESP
UDP 500
UDP 4500
0
 

Author Comment

by:marceloNYC
ID: 37806078
today what we are going to do is place a switch between the ISP and the firewall to split the internet access. That is how we are going to make the Router visible to the internet. Once is working will let you know.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now