Solved

Cisco ASA 5510

Posted on 2015-02-04
6
176 Views
Last Modified: 2015-02-05
I have a Cisco ASA 5510 and we have a vendor that has given me a single ip address on his end. He needs to reach 6 different static ip addresses inside my network through the single vendor supplied ip address. What would the best way to handle this through the firewall? VPN or some other way and how do you set it up?
0
Comment
Question by:CONB_IT
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:Ken Boone
ID: 40589042
I would prefer to give them VPN access.  That way the user is authenticated, the traffic is encrypted and you can lock him down to only have access to those 6 IP addresses inside your network.  You can revoke his login anytime you want.
0
 

Author Comment

by:CONB_IT
ID: 40589642
How would I do that?
0
 
LVL 24

Expert Comment

by:Ken Boone
ID: 40589737
So here is a link to a configuration walk through:

http://www.petenetlive.com/KB/Article/0000943.htm

The difference for you is that the split tunnel list will just have those 6 host ip addresses in there.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:CONB_IT
ID: 40591077
We don't use Cisco Anyconnect we use the Cisco VPN Client. See Below

Outside vendor IP address 24.x.x.x

Needs to have access to these inside our network ip addresses through the ASA

10.4.X.X
10.6.X.X
10.7.X.X
10.8.X.X
10.9.X.X
0
 
LVL 24

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 40591183
So if you are using the old vpn client, its still the same idea.  Set up a new group for this vendor, set up a new IP pool to hand out to this vendor when they connect with vpn.  Then set up a no nat rule just between these 6 ip ranges and the ip pool you assigned to the vendor.  Then set up these 6 ip ranges in a spin tunnel list for this vendor.
0
 

Author Closing Comment

by:CONB_IT
ID: 40591246
Thank you! Great help.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now