Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ASA as gateway for a 2811 router that will be site site VPN

Posted on 2012-03-28
2
Medium Priority
?
338 Views
Last Modified: 2012-04-05
Dear Experts,
I am in need to establish a site to site VPN between 2 cisco routers. One router does not have internet access. I need to make our ASA 5505 its gateway to the internet. I need to make the 2811 router visible in the internet. I have an external IP address I can give it in one of the interfaces (fa 0/0).

I am thinking of using one of the interfaces of the ASA5505 as a DMZ for the Cisco 2811. My questions are for the necessary commands to make this happen in both devices. Is this possible?
Here is an illustration attempted of what the idea looks like.

---voice and data --SA-router 2811¿----¿ ASA5505     VPN   internet  VPN    ASA5510 ¿--¿                                            
                                                                         HOU-router---voice and data traffic            

I only need this for one router by the way. I am more challenge in the asa5505 part.

We tried the site to site VPN between the firewalls but it didn’t work.

Regards, M
0
Comment
Question by:marceloNYC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
gbblaster earned 2000 total points
ID: 37783080
There is no reason why a VPN between the firewalls wouldn´t work. Can you post the crypto map and isakmp settings along with the ACL that you associated with the tunnel?

If you gave up on the ASA---ASA VPN, then all you´d need to do on the ASA to assign a public IP address to the router  is a static translation on the ASA

static (DMZ,Outside) {public address} {internal router address}

then open inbound permits on the ASAs outside ACLs for vpn traffic wich include:

Protocol ESP
UDP 500
UDP 4500
0
 

Author Comment

by:marceloNYC
ID: 37806078
today what we are going to do is place a switch between the ISP and the firewall to split the internet access. That is how we are going to make the Router visible to the internet. Once is working will let you know.
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question