Solved

Port 3 of ASA 5510 firewall used to let outside traffic through to VPN router.

Posted on 2013-06-25
Last Modified: 2013-06-26
Dear Experts,

I need to let an ASA 5510 port let outside traffic pass through. I made its security 0 and gave it neither an external nor an internal IP address. That is the question. What else should I do to that port so it lets VPN traffic pass from another office to a Cisco VPN router?

This is what it looks like:

interface Ethernet0/3
 nameif To_VPN_router
 security-level 0
 no ip address

Will this let outside traffic pass to the Cisco VPN Router?
0
Question by:marceloNYC
8 Comments
 
LVL 17

Expert Comment

by:MAG03
ID: 39274691
Well, the interface would need an IP. It is required that it has connectivity to the remote site, or remote users if it is a remote access VPN. Once you have established connectivity to the outside host/hosts, and assuming that the VPN is configured correctly, things will start to work.
0
 

Author Comment

by:marceloNYC
ID: 39274717
Yeah, the VPN router is working right now using another ISP. We have changed ISP and have no other interface available other than the one from the ASA. So you are saying I need to give this interface an external IP address, and what else?

Should I use a switch instead?

I need to make the VPN router change its way to the internet over the ASA.
0
 
LVL 17

Expert Comment

by:MAG03
ID: 39274740
If you could elaborate a bit more on what you are trying to do please.

Right now, yes, you need an IP on the interface; also you would need to configure routing out that interface. Depending on your requirements you would either set up static routes pointing out that interface or you would set up a default route. I would need to know more about your situation. Will this be your primary ISP? Will the ASA be the default gateway for your hosts? Will the existing VPN router still be used for something? Will the existing ISP that the VPN router is using still be used? Is the ASA only going to be used for VPN?
0

 

Author Comment

by:marceloNYC
ID: 39275064
Okay, I need to make the VPN router access the internet with the new ISP. I have an ASA firewall connected to the AT&T router. There is only one ISP now; the other two are going to be discontinued.

I don't want the ASA to be the default gateway of the VPN router.

The ASA is not going to be used for site-to-site VPN.
 
The existing VPN router needs to change its public IP address and access to the web, using the access the ASA has right now.

So is it easier to use that 3rd port in the ASA firewall, or should I put a switch in between the ISP (AT&T router) and the ASA and VPN router?

remote vpn offices <--------------------------------------> ISP  AT&T router <---> ASA 5510


How do I get the VPN router to work with that order above? It is going to have its dedicated ISP line discontinued.
0
 
LVL 17

Expert Comment

by:MAG03
ID: 39275973
I would give the AT&T router the new public IP if it doesn't have it already, then assign an IP to the inside interface of the AT&T router (or is it configured as the DHCP server?), then add an IP to the ASA outside interface so that it has connectivity with the router, then configure access rules, NAT (if needed), and routing so that the ASA can reach the remote clients (again, if needed) and the internet.
0
 

Author Comment

by:marceloNYC
ID: 39276075
No, the AT&T router is not managed by me. I have our Cisco VPN router and that ASA behind the AT&T router to the internet. I am thinking of using 3 switch ports in a switch with its own VLAN. I need to figure that one out. I am not liking using the third port for the ASA anymore.
0
 
LVL 17

Accepted Solution

by:
MAG03 earned 500 total points
ID: 39277156
In this case, yes a switch would be the easiest to get this working.
0
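
The switch layout discussed in this thread (three switch ports in their own VLAN), shown as an added example that is not part of the original posts: a Cisco IOS access-switch fragment. The VLAN ID, VLAN name and port numbers are hypothetical, and it assumes the ASA and the VPN router each get their own address on the AT&T router's segment.

```cisco
! Added example: VLAN ID, VLAN name and port numbers are hypothetical.
! Dedicated layer-2 segment for the ISP hand-off; it carries no internal traffic.
vlan 900
 name ISP_OUTSIDE
!
! Gi0/1 = AT&T router, Gi0/2 = ASA outside interface, Gi0/3 = VPN router WAN port
interface range GigabitEthernet0/1 - 3
 description ISP_OUTSIDE segment
 switchport mode access
 switchport access vlan 900
 switchport nonegotiate
 spanning-tree portfast
!
! No "interface Vlan900" is defined, so the switch itself has no IP address
! on the outside segment and cannot be managed from it.
```

With this layout the VPN router sits beside the ASA rather than behind it, so the VPN router's own access lists are what filter traffic arriving from the internet.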
 

Author Closing Comment

by:marceloNYC
ID: 39278195
Thank you for your time on this. It is good to have an expert's opinion on the side :)
0
