Setting up remote-to-site IPsec VPN (Actiontec FiOS/Cisco ASA 5505)

Posted on 2012-09-02
Last Modified: 2012-09-11

I have a FiOS Actiontec router and static IP along with a Cisco ASA 5505 appliance and want the ability for 3 or 4 users to connect from anywhere via the internet to the site utilizing a secure IPsec or SSL connection. There are no servers at the site, just a peer-to-peer Wintel network. Must be able to use RDS, print to site printers and access multiple systems/shared drives etc. What is the best route to take without being super complicated?

Question by: AskJeeves2112

    Expert Comment

    by: Ernie Beek
    Well, there will always be a certain level of complexity ;)

    If the ASA has a public IP you could terminate the VPNs on that. There are several ways to do this. Have a browse through:
    And have a look at: Remote Access VPN, Easy VPN, SSL VPN/Web VPN, etc.

    The choice might be complicated ;)

    Accepted Solution

    Quick question/recommendation for the FiOS setup. Are you using or planning to ever use the FiOS TV service? If not, then I would ditch the Actiontec router. With a single static IP, the Actiontec is going to use that IP unless you put it in "bridge mode", which in my experience is problematic with FiOS. Verizon has put what they call an NIU (network interface unit) somewhere in your building. That's where the fiber terminates. They have 2 options from there: they can run coax from that box to your suite or they can run straight Ethernet. By default they go with coax and terminate on the Actiontec, which you need if you're using their TV service as well. If not, I would have them run the Ethernet option, which eliminates the need for the Actiontec. They can run Ethernet from the NIU straight to your ASA, no modem/router needed. Then you can put the public IP on the ASA's outside interface. You will have to ask Verizon to come back out to switch you from coax to Ethernet, but it's a better setup. If you are going to use the TV service and need the Actiontec, then leave it on coax and order a block of IPs so you don't have to attempt to bridge or use NAT to allow connections back to your ASA.

    Author Comment

    Thanks for both replies - I appreciate it!
