Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 5505 ASA Site to Site VPN question

Posted on 2014-10-09
7
Medium Priority
?
353 Views
Last Modified: 2014-10-22
Hi All...

I am preparing to configure a Site to Site VPN from our head office to a new remote location in the very near future. I am fretting about how our network is configured and if I'll run into problems.

Our Network it set up more or less as follows:

<--10.0.0.0/24 (LAN) (Linksys RVS4000 set to "Gateway") ---192.168.1.3(WAN)---> <---192.168.1.1(Cisco ASA 5505) ---Outside IP--->

When I set up the VPN, I need our remote location to be able to access the 10.0.0.0/24 network. Do I need to do any fancy configurations to get the Tunnel to cross the 192.168 network?
0
Comment
Question by:TORLYSIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Author Comment

by:TORLYSIT
ID: 40371594
Adding a simplistic vis. drawing of the network I'm speaking ofNetwork diagram
0
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 40375204
I'm sort of confused here...

Are are Linksys gateway and Cisco ASA separated across the internet? (I assume so by your saying a new remote site). But your diagram is confusing to me.

Just curious.. why do you have a Cisco RVS at 192.168.1.3 then going to the ASA at 192.168.1.1? I'm not quite sure what your WAN segment is accomplishing year. I often see a l3 switch or a router with a /30 between itself and the firewall for security reasons but unsure on your setup.

But.. a standard site to site vpn shouldn't be an issue regardless.
0
 
LVL 1

Author Comment

by:TORLYSIT
ID: 40379891
The ASA and the RVS4000 are at the same site (This was built before I was hired to admin it.)

Instead of creating a Port based DMZ, one of my predecessors installed an RVS4000 in Gateway mode with IP ACLs limiting traffic from the 192.168.1.0/24 network to the 10.0.0.0/24 network (All local traffic) sitting behind a Cisco ASA 5505 that terminates at our ISP Router.

I'm currently working on an initiative to find out if I can untangle it without impact but have to set up the new site in a short bit. Hence my question about site to site in our current environment.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 40385290
There shouldn't be an issue setting up the site to site even in the current setup.
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 2000 total points
ID: 40396014
RVS4000 in Gateway mode with IP ACLs limiting traffic from the 192.168.1.0/24 network to the 10.0.0.0/24 network

Make sure you put an permit ACE in RVS400 allowing traffic sourced from the local network of Beli networks destined to 10.0.0.0/24.

Second, make sure that RVS4000 is not doing any type of NAT between 10.0.0.0/24 and 192.168.1.0/24

Finally make sure that the local side of the interesting traffic ACL in ASA is 10.0.0.0/24 and not 192.168.1.0/24

Doublecheck if RSV4000 has either a default route or manual route regarding Beli Networks' local subnet to 192.168.1.1. Also ASA has a route to 192.168.1.3 for 10.0.0.0/24

As an advice, in case you need to go for restructuring your network, never use the factory default subnets of many vendors such as 192.168.1.0 or 10.0.0.0. It would cause you headaches if by any chance the remote end of the VPN is using the same subnet.
0
 
LVL 1

Author Comment

by:TORLYSIT
ID: 40397635
Thank you MrHusky.

The subnets were definitely not my choice as I inherited the whole thing when I started here.

Thanks for all the information!
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 40398203
You are welcome!
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question