Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

CISCO ASA 5510

Posted on 2013-02-07
5
Medium Priority
?
561 Views
Last Modified: 2013-02-08
In our data center i have a SRX 5308 Netgear router. This router is the main hub in a vpn hub and spoke set up. I also have a few servers that are connected to this router. We are putting in a CISCO ASA 5510 router with SSL VPN any connect. How can i have both router running together and people VPN to cisco and access the servers on the netgear router?
0
Comment
Question by:kajumblies
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Leeeee
ID: 38865168
To reiterate your question, you still want the Netgear to handle site-to-site VPN termination and you the ASA to terminate SSL VPN sessions?
0
 

Author Comment

by:kajumblies
ID: 38865238
correct
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38865807
If you have a range of public IP's, simply assign the outside interface of the 5510 a public IP and configure SSL VPN as normal. As long as the Netgear knows how to route to the ASA, it's straightforward design. Make sure port 443 is allowed through the Netgear outside ACL. Make sure the ASA has static routes to subnets that you want users to be able to access IE server subnet etc.
0
 

Author Comment

by:kajumblies
ID: 38866054
1. Do i need to configure static routes on both netgear and cisco or just cisco?
2. How would i set this up on both sides to make the above work?
0
 
LVL 5

Accepted Solution

by:
Leeeee earned 1500 total points
ID: 38866162
Are you PAT'ing everything on the SRX or do you have a few public IP's you can use?

ASA needs to know how to get outside, so a default route to the SRX is needed. Potentially a static route to the server network as well if that network is being routed on a core switch/something other than the SRX etc.

The SRX would need a route to the ASA if the ASA is on a different segment than the SRX.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question