Cisco ASA 5510

Posted on 2015-02-04
Last Modified: 2015-02-05
I have a Cisco ASA 5510 and we have a vendor that has given me a single ip address on his end. He needs to reach 6 different static ip addresses inside my network through the single vendor supplied ip address. What would the best way to handle this through the firewall? VPN or some other way and how do you set it up?
Question by:CONB_IT
  • 3
  • 3
LVL 24

Expert Comment

by:Ken Boone
ID: 40589042
I would prefer to give them VPN access.  That way the user is authenticated, the traffic is encrypted and you can lock him down to only have access to those 6 IP addresses inside your network.  You can revoke his login anytime you want.

Author Comment

ID: 40589642
How would I do that?
LVL 24

Expert Comment

by:Ken Boone
ID: 40589737
So here is a link to a configuration walk through:

The difference for you is that the split tunnel list will just have those 6 host ip addresses in there.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

ID: 40591077
We don't use Cisco Anyconnect we use the Cisco VPN Client. See Below

Outside vendor IP address 24.x.x.x

Needs to have access to these inside our network ip addresses through the ASA

LVL 24

Accepted Solution

Ken Boone earned 500 total points
ID: 40591183
So if you are using the old vpn client, its still the same idea.  Set up a new group for this vendor, set up a new IP pool to hand out to this vendor when they connect with vpn.  Then set up a no nat rule just between these 6 ip ranges and the ip pool you assigned to the vendor.  Then set up these 6 ip ranges in a spin tunnel list for this vendor.

Author Closing Comment

ID: 40591246
Thank you! Great help.

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now