Site to Site VPN Tunnel ASA 5505 with 2 VLANs
Posted on 2013-01-24
I have 2 Cisco ASA 5505 appliances. 1 has a security plus license and the other is the base license. I need to connect a remote office using a VPN site-to-site tunnel.
At the main site I have Cisco switches set up on 2 VLANs. VLAN20 for the 192.168.2.0 network and VLAN10 used for an ESI IP Phone system that uses UDP/TCP ports 59101 and 59002. The phone controller is at the main site with an IP of 192.168.1.50. At the main site I'm wanting to use the sec plus license to allow both VLANs to connect to the internet and certain traffic into both VLANs as well, but I don't need interVLAN traffic.
At the remote site I'm planning on using a 192.168.3.0 network with 2 VLANs (10 & 20 as well). There will be a couple of IP phones connected to VLAN20. I want their VLAN 10 internet traffic to go out through their respective WAN connection, but the IP phones to only connect to the main site through the VPN tunnel. If possible, I would also like for the remote site to be able to communicate with the main site at the 192.168.2.0 network through the VPN tunnel. I was planning on using the ASA 5505 base license at the remote site, but I may need to purchase a sec plus license for it as well to make this work.
I'm needing some help configuring both ends to make this all work. I haven't configured either device yet, and thought it would be a good idea to have an "expert" involved at this point. I'm needing to know:
1) Will this work?
2) Is a security plus license required on both ends?
3) Given that it will work and that I have the correct equipment, can you provide me with some configuration guidelines for this scenario to get me started?