Solved

Cisco ASA 5510

Posted on 2015-02-04
Last Modified: 2015-02-05
I have a Cisco ASA 5510 and we have a vendor that has given me a single IP address on his end. He needs to reach 6 different static IP addresses inside my network through the single vendor-supplied IP address. What would be the best way to handle this through the firewall? VPN or some other way, and how do you set it up?
Question by:CONB_IT
LVL 25

Expert Comment

by:Ken Boone
ID: 40589042
I would prefer to give them VPN access.  That way the user is authenticated, the traffic is encrypted and you can lock him down to only have access to those 6 IP addresses inside your network.  You can revoke his login anytime you want.
0
 

Author Comment

by:CONB_IT
ID: 40589642
How would I do that?
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40589737
So here is a link to a configuration walk through:

http://www.petenetlive.com/KB/Article/0000943.htm

The difference for you is that the split tunnel list will just have those 6 host IP addresses in there.
0

Author Comment

by:CONB_IT
ID: 40591077
We don't use Cisco AnyConnect; we use the Cisco VPN Client. See below.

Outside vendor IP address 24.x.x.x

Needs to have access to these IP addresses inside our network through the ASA

10.4.X.X
10.6.X.X
10.7.X.X
10.8.X.X
10.9.X.X
0
 
LVL 25

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 40591183
So if you are using the old VPN client, it's still the same idea.  Set up a new group for this vendor, and set up a new IP pool to hand out to this vendor when they connect with VPN.  Then set up a no-NAT rule just between these 6 IP ranges and the IP pool you assigned to the vendor.  Then set up these 6 IP ranges in a split tunnel list for this vendor.
0
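
The steps in the accepted answer, sketched as ASA configuration. This is an added example, not part of the original thread or the linked article. It assumes ASA 8.4 or later syntax, interfaces named inside and outside, an existing IKEv1 remote-access crypto map with user authentication, and constructed names and addresses throughout. Because a split tunnel list only tells the client which destinations to route into the tunnel, the sketch also applies a vpn-filter ACL so the ASA itself enforces the restriction.

```cisco
! All names and addresses below are constructed placeholders, not the poster's values.
! 1. Address pool handed to the vendor's VPN client, plus an object for NAT and filtering
ip local pool VENDOR-POOL 192.168.250.1-192.168.250.10 mask 255.255.255.0
object network VENDOR-POOL-NET
 subnet 192.168.250.0 255.255.255.0
! 2. The six inside hosts the vendor may reach (substitute the real addresses)
object-group network VENDOR-HOSTS
 network-object host 10.4.0.10
 network-object host 10.6.0.10
 network-object host 10.7.0.10
 network-object host 10.8.0.10
 network-object host 10.9.0.10
 network-object host 10.9.0.11
! 3. NAT exemption only between those hosts and the vendor pool
nat (inside,outside) source static VENDOR-HOSTS VENDOR-HOSTS destination static VENDOR-POOL-NET VENDOR-POOL-NET no-proxy-arp route-lookup
! 4. Split tunnel list: tells the client which destinations go into the tunnel
access-list VENDOR-SPLIT standard permit host 10.4.0.10
access-list VENDOR-SPLIT standard permit host 10.6.0.10
access-list VENDOR-SPLIT standard permit host 10.7.0.10
access-list VENDOR-SPLIT standard permit host 10.8.0.10
access-list VENDOR-SPLIT standard permit host 10.9.0.10
access-list VENDOR-SPLIT standard permit host 10.9.0.11
! 5. vpn-filter ACL: enforced on the ASA. Source is the client pool,
!    destination is the inside hosts; everything else is implicitly denied.
access-list VENDOR-FILTER extended permit ip 192.168.250.0 255.255.255.0 object-group VENDOR-HOSTS
! 6. Group policy and tunnel group dedicated to this vendor
group-policy VENDOR-GP internal
group-policy VENDOR-GP attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VENDOR-SPLIT
 vpn-filter value VENDOR-FILTER
tunnel-group VENDOR type remote-access
tunnel-group VENDOR general-attributes
 address-pool VENDOR-POOL
 default-group-policy VENDOR-GP
tunnel-group VENDOR ipsec-attributes
 ikev1 pre-shared-key <group-pre-shared-key>
```

After the vendor connects, `show vpn-sessiondb detail ra-ikev1-ipsec` on the ASA lists the session with its assigned pool address and the filter name, which confirms that VENDOR-FILTER is actually attached.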
 

Author Closing Comment

by:CONB_IT
ID: 40591246
Thank you! Great help.
0


Question has a verified solution.
